summaryrefslogtreecommitdiffstats
path: root/src/scripttools
diff options
context:
space:
mode:
authorBradley Buda <bradleybuda@gmail.com>2013-07-11 00:29:22 (GMT)
committerThe Qt Project <gerrit-noreply@qt-project.org>2014-01-23 08:23:57 (GMT)
commita585f2ae4538287ed57237a571e87a03c5a54207 (patch)
tree38549fc8768c48d4281c14fc8b99ed718019f7cc /src/scripttools
parent40db54f8182e427f76c663aec15c3a6a682b3c9f (diff)
downloadQt-a585f2ae4538287ed57237a571e87a03c5a54207.zip
Qt-a585f2ae4538287ed57237a571e87a03c5a54207.tar.gz
Qt-a585f2ae4538287ed57237a571e87a03c5a54207.tar.bz2
Correct algorithm for digest auth when using the CONNECT verb
QHttpSocketEngine fails to authenticate to an HTTP proxy that is using Digest authentication and the CONNECT method (i.e. when you are tunneling TLS over HTTP). The bug is due to a bad parameter being passed to QAuthenticatorPrivate::calculateResponse - the requestMethod parameter is passed in as "CONNECT " instead of "CONNECT" (note the trailing space). Because an MD5 hash is derived from this method when using the qop="auth" flavor of Digest auth, the hash does not match the expected value and authentication always fails in this configuration. (cherry picked from commit 5cab14b8a1dfbb03e22b10af385fb90900a9f280) Change-Id: Ief025ada714e03d96a316116f6b9f1711ab2a7f7 Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Diffstat (limited to 'src/scripttools')
0 files changed, 0 insertions, 0 deletions