-
Bug
-
Resolution: Fixed
-
P3
-
1.4.0
-
None
-
beta
-
sparc
-
solaris_2.6
There are some conformance/interoperability problems with the DIGEST-MD5 implementation.
1. literals are being treated with exact case, while RFC 2831 specifies case ignore.
2. parsing of incoming tokens does not accommodated quoted string values
3. some outgoing tokens are not being treated as quoted string values as per spec
4. does not detect malformed incoming tokens that do not conform to spec
(e.g., non-separator char that occurs immediately after a quoted string)
5. does not treat multiple realm/qop directives correctly
6. missing charset directive causes NullPointerException
7. doesn't ignore unrecognized qop values as per spec
8. doesn't allow linear white spaces (LWP) in incoming challenge
9. authzid being written to the wrong buffer in calculation of 'response'
10. qop and cipher values being sent back to server must be chosen from server's list of options instead of literals (might cause case mismatches); this is especially significant for qop because it is used in the 'response' hash
1. literals are being treated with exact case, while RFC 2831 specifies case ignore.
2. parsing of incoming tokens does not accommodated quoted string values
3. some outgoing tokens are not being treated as quoted string values as per spec
4. does not detect malformed incoming tokens that do not conform to spec
(e.g., non-separator char that occurs immediately after a quoted string)
5. does not treat multiple realm/qop directives correctly
6. missing charset directive causes NullPointerException
7. doesn't ignore unrecognized qop values as per spec
8. doesn't allow linear white spaces (LWP) in incoming challenge
9. authzid being written to the wrong buffer in calculation of 'response'
10. qop and cipher values being sent back to server must be chosen from server's list of options instead of literals (might cause case mismatches); this is especially significant for qop because it is used in the 'response' hash