sasl: Fixed missing qop in the client's challenge-response message

Whilst the qop directive isn't required to be present in a client's response, as servers should assume a qop of "auth" if it isn't specified, some may return authentication failure if it is missing.

sasl: Fixed missing qop in the client's challenge-response message
Whilst the qop directive isn't required to be present in a client's response, as servers should assume a qop of "auth" if it isn't specified, some may return authentication failure if it is missing.
8342b6e1 · Steve Holme · ba704878 · 8342b6e1
Commit 8342b6e1 authored 10 years ago by Steve Holme
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -533,9 +533,11 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,

  /* Generate the response */
  response = aprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
-                     "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
+                     "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s,"
+                     "qop=%s",
                     userp, realm, nonce,
-                     cnonce, nonceCount, uri, resp_hash_hex);
+                     cnonce, nonceCount, uri, resp_hash_hex,
+                     qop);
  if(!response)
    return CURLE_OUT_OF_MEMORY;