Closed macosforgebot closed 13 years ago
@wsanchez originally submitted this as comment:1:ticket:422
@wsanchez originally submitted this as comment:2:ticket:422
See http://www.ietf.org/rfc/rfc2617.txt, section 1.2:
HTTP provides a simple challenge-response authentication mechanism that MAY be used by a server to challenge a client request and by a client to provide authentication information. It uses an extensible, case-insensitive token to identify the authentication scheme, followed by a comma-separated list of attribute-value pairs which carry the parameters necessary for achieving authentication via that scheme.
@cyrusdaboo originally submitted this as comment:3:ticket:422
My fault: that comment in RFC2617 actually refers to the auth method, not the algorithm value. The spec does not indicate whether the algorithm is case-sensitive or not (for some other parameters it does give an explicit statement). However, 2517 uses the same ABNF as 2616, and in 2616 Section 2.1 it states:
"literal"
Quotation marks surround literal text. Unless stated otherwise, the text is case-insensitive.
So that implies that the "literals" in the 2617 syntax are case-insensitive by default.
marten.gajda@… originally submitted this as comment:4:ticket:422
Good point. I'll file an Android bug.
Thanks.
marten.gajda@… originally submitted this as ticket:422
I'm writing a CardDAV-Sync adapter for Android and came across the following issue when connecting to caldavd: Android's HTTP implementation cannot handle digest authentication when the algorithm is set to "md5" instead of "MD5".
I do not know whether Android is wrong or caldavd. RFC2617 states:
but does not say anything about case-sensitivity.
I'd like to know your opinion about this. I'm not sure if I can work around this issue somehow. For the moment my only solution is to advise my users to change the algorithm to MD5.
Thanks
Marten
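The case-insensitive reading discussed in this ticket, as an added example that is not code from caldavd, Android, or any participant in the thread: a client-side parser that accepts the Digest scheme token and the `algorithm` value in any case and then computes the RFC 2617 request-digest. The function names and the sample challenges are assumptions made for illustration; the challenge values are the RFC 2617 section 3.5 example with an `algorithm` parameter added.

```python
import hashlib
import re

# name=token or name="quoted string" pairs from an RFC 2617 challenge
_PARAM = re.compile(r'([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')
_HASHES = {"MD5": hashlib.md5}  # keyed by canonical upper-case name


def parse_digest_challenge(header):
    """Parse a WWW-Authenticate value; keys lower-cased, algorithm upper-cased."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":  # the scheme token is case-insensitive
        raise ValueError("not a Digest challenge")
    params = {}
    for name, quoted, bare in _PARAM.findall(rest):
        params[name.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
    # Absent algorithm means MD5; match the literal without regard to case.
    algorithm = params.get("algorithm", "MD5").upper()
    if algorithm not in _HASHES:
        raise ValueError("unsupported algorithm: " + algorithm)
    params["algorithm"] = algorithm
    return params


def digest_response(params, user, password, method, uri, nc=None, cnonce=None):
    """Compute request-digest (RFC 2617 section 3.2.2.1), with or without qop=auth."""
    def h(text):
        return _HASHES[params["algorithm"]](text.encode("utf-8")).hexdigest()
    ha1 = h(":".join([user, params["realm"], password]))
    ha2 = h(":".join([method, uri]))
    if "auth" in [q.strip() for q in params.get("qop", "").split(",")]:
        return h(":".join([ha1, params["nonce"], nc, cnonce, "auth", ha2]))
    return h(":".join([ha1, params["nonce"], ha2]))


# Constructed challenges (RFC 2617 section 3.5 values), differing only in case.
UPPER = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
         'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", algorithm=MD5')
LOWER = UPPER.replace("algorithm=MD5", "algorithm=md5").replace("Digest", "digest")

if __name__ == "__main__":
    for challenge in (UPPER, LOWER):
        p = parse_digest_challenge(challenge)
        print(p["algorithm"], digest_response(
            p, "Mufasa", "Circle Of Life", "GET", "/dir/index.html",
            nc="00000001", cnonce="0a4f113b"))
```

Normalizing once at parse time keeps the rest of the client working with a single canonical name, and an unknown algorithm is rejected rather than silently treated as MD5.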