From 5cab14b8a1dfbb03e22b10af385fb90900a9f280 Mon Sep 17 00:00:00 2001 From: Bradley Buda Date: Wed, 10 Jul 2013 17:29:22 -0700 Subject: Correct algorithm for digest auth when using the CONNECT verb QHttpSocketEngine fails to authenticate to an HTTP proxy that is using Digest authentication and the CONNECT method (i.e. when you are tunneling TLS over HTTP). The bug is due to a bad parameter being passed to QAuthenticatorPrivate::calculateResponse - the requestMethod parameter is passed in as "CONNECT " instead of "CONNECT" (note the trailing space). Because an MD5 hash is derived from this method when using the qop="auth" flavor of Digest auth, the hash does not match the expected value and authentication always fails in this configuration. Change-Id: Ia97ce5967bfb57b28db7614347ffdcaa56e4da0c Reviewed-by: Peter Hartmann --- src/network/socket/qhttpsocketengine.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/network') diff --git a/src/network/socket/qhttpsocketengine.cpp b/src/network/socket/qhttpsocketengine.cpp index e3aae8ef0d..f2a1633bd3 100644 --- a/src/network/socket/qhttpsocketengine.cpp +++ b/src/network/socket/qhttpsocketengine.cpp @@ -497,12 +497,13 @@ void QHttpSocketEngine::slotSocketConnected() Q_D(QHttpSocketEngine); // Send the greeting. - const char method[] = "CONNECT "; + const char method[] = "CONNECT"; QByteArray peerAddress = d->peerName.isEmpty() ? d->peerAddress.toString().toLatin1() : QUrl::toAce(d->peerName); QByteArray path = peerAddress + ':' + QByteArray::number(d->peerPort); QByteArray data = method; + data += " "; data += path; data += " HTTP/1.1\r\n"; data += "Proxy-Connection: keep-alive\r\n"; -- cgit v1.2.3