kjg
commented
8 years ago Thanks for reporting this issue! Please note that v1.0.3 is over 2 years old. It is possible that there was a bug with the way md5 calculations were handled in that version. Please updated to v1.5.0 or v2.0.0 to get the latest bug and security fixes. Please let us know if the issue still exists in the latest released versions.
I'm working with api-auth-1.0.3 along with rails 2.3 on JRuby.
On debugging I've found that when Header = "Content-MD5: random-sequence-of-chars-unrelated-to-body" and that same value is used in the canonical string for the HMAC signature @request.md5_mismatch? returns false