
tlmsp-curl

    Gabriel Sjoberg authored
    When using only 1 second precision, curl doesn't create new cnonce
    values quickly enough for all uses.
    
    For example, issuing the following command multiple times to a recent
    Tomcat causes authentication failures:
    
    curl --digest -utest:test http://tomcat.test.com:8080/manager/list
    
    This is because curl uses the same cnonce for several seconds, but
    doesn't increment the nonce counter.  Tomcat correctly interprets
    this as a replay attack and rejects the request.
    
    When microsecond-precision is available, this commit causes curl to
    change cnonce values much more frequently.
    
    With microsecond resolution, increasing the nonce length used in the
    headers to 32 was made to further reduce the risk of duplication.
    e237402c
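
The failure mode in the commit message above, as an added example that is not code from curl or Tomcat: a server-side replay check keyed on (cnonce, nc), fed by a client whose nonce count stays at 1. The cache layout, the clock-derived cnonce format and the start time are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SEEN 64

/* Simplified server replay cache: the (cnonce, nc) pairs seen for one nonce. */
struct replay_cache {
  char cnonce[MAX_SEEN][40];
  unsigned nc[MAX_SEEN];
  int count;
};

/* Returns 1 if accepted, 0 if (cnonce, nc) was already seen (replay). */
static int server_accept(struct replay_cache *rc, const char *cn, unsigned nc)
{
  int i;
  for(i = 0; i < rc->count; i++)
    if(rc->nc[i] == nc && !strcmp(rc->cnonce[i], cn))
      return 0;
  if(rc->count == MAX_SEEN)
    return 0; /* fail closed when the cache is full */
  snprintf(rc->cnonce[rc->count], sizeof(rc->cnonce[0]), "%s", cn);
  rc->nc[rc->count++] = nc;
  return 1;
}

/* Sends n requests step_usec apart with a clock-derived cnonce (hypothetical
   format) and nc fixed at 1; returns how many are rejected as replays. */
static int count_rejected(int n, long step_usec, int use_usec)
{
  struct replay_cache rc;
  char cnonce[40];
  unsigned long long t = 1700000000ULL * 1000000ULL; /* constructed, in us */
  int i, rejected = 0;
  memset(&rc, 0, sizeof(rc));
  for(i = 0; i < n; i++, t += step_usec) {
    snprintf(cnonce, sizeof(cnonce), "%08lx%08lx",
             (unsigned long)(t / 1000000ULL),
             use_usec ? (unsigned long)(t % 1000000ULL) : 0UL);
    rejected += !server_accept(&rc, cnonce, 1U);
  }
  return rejected;
}

int main(void)
{
  printf("1 s clock:  %d of 5 rejected\n", count_rejected(5, 300000L, 0));
  printf("1 us clock: %d of 5 rejected\n", count_rejected(5, 300000L, 1));
  return 0;
}
```

Two requests that land in the same microsecond still collide (`count_rejected(5, 0L, 1)` rejects four of five), which is why finer clock resolution only reduces the risk of duplication.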