Commit 8342b6e1 authored by Steve Holme's avatar Steve Holme
Browse files

sasl: Fixed missing qop in the client's challenge-response message 

Whilst the qop directive isn't required to be present in a client's
response, as servers should assume a qop of "auth" if it isn't
specified, some may return authentication failure if it is missing.
parent ba704878

lib/curl_sasl.c

+4 −2
Original line number Diff line number Diff line
@@ -533,9 +533,11 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, 


  /* Generate the response */

  response = aprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","

                     "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",

                     "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s,"

                     "qop=%s",

                     userp, realm, nonce,

                     cnonce, nonceCount, uri, resp_hash_hex);

                     cnonce, nonceCount, uri, resp_hash_hex,

                     qop);

  if(!response)

    return CURLE_OUT_OF_MEMORY;