AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct algorithm for digest auth when using the CONNECT verb

Browse Source 
QHttpSocketEngine fails to authenticate to an HTTP proxy that is using
Digest authentication and the CONNECT method (i.e. when you are
tunneling TLS over HTTP). The bug is due to a bad parameter being
passed to QAuthenticatorPrivate::calculateResponse - the requestMethod
parameter is passed in as "CONNECT " instead of "CONNECT" (note the
trailing space).

Because an MD5 hash is derived from this method when using the
qop="auth" flavor of Digest auth, the hash does not match the expected
value and authentication always fails in this configuration.

Change-Id: Ia97ce5967bfb57b28db7614347ffdcaa56e4da0c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
This commit is contained in:
Bradley Buda 2013-07-10 17:29:22 -07:00 committed by The Qt Project
parent 376abfab39
commit 5cab14b8a1
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/network/socket/qhttpsocketengine.cpp
View File

@ -497,12 +497,13 @@ void QHttpSocketEngine::slotSocketConnected()
Q_D(QHttpSocketEngine);
// Send the greeting.
const char method[] = "CONNECT ";
const char method[] = "CONNECT";
QByteArray peerAddress = d->peerName.isEmpty() ?
d->peerAddress.toString().toLatin1() :
QUrl::toAce(d->peerName);
QByteArray path = peerAddress + ':' + QByteArray::number(d->peerPort);
QByteArray data = method;
data += " ";
data += path;
data += " HTTP/1.1\r\n";
data += "Proxy-Connection: keep-alive\r\n";