diff --git a/CHANGES b/CHANGES index 4107d1a46..363f3d9e0 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,11 @@ Changelog +Daniel (26 May 2006) +- Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to + fail. When using the md5-sess, the result was not Md5 encoded and Base64 + transformed. + Daniel (25 May 2006) - Michael Wallner provided a patch that allows "SESS" to be set with CURLOPT_COOKIELIST, which then makes all session cookies get cleared. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ca693e1e1..5378fcd6a 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -22,6 +22,7 @@ This release includes the following changes: This release includes the following bugfixes: + o md5-sess with Digest authentication o dict with letters such as space in a word o dict with url-encoded words in the URL o libcurl.m4 when default=yes but no libcurl was found @@ -57,6 +58,6 @@ advice from friends like these: Dan Fandrich, Ilja van Sprundel, David McCreedy, Tor Arntsen, Xavier Bouchoux, David Byron, Michele Bini, Ates Goral, Katie Wang, Robson Braga Araujo, Ale Vesely, Paul Querna, Gisle Vanem, Mark Eichin, Roland Blom, Andreas - Ntaflos, David Shaw, Michael Wallner + Ntaflos, David Shaw, Michael Wallner, Olaf Stüben Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/http_digest.c b/lib/http_digest.c index 5baccfe58..e1aec3919 100644 --- a/lib/http_digest.c +++ b/lib/http_digest.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2004, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -303,10 +303,11 @@ CURLcode Curl_output_digest(struct connectdata *conn, if(d->algo == CURLDIGESTALGO_MD5SESS) { /* nonce and cnonce are OUTSIDE the hash */ tmp = aprintf("%s:%s:%s", ha1, d->nonce, d->cnonce); - free(ha1); if(!tmp) return CURLE_OUT_OF_MEMORY; - ha1 = (unsigned char *)tmp; + Curl_md5it(md5buf, (unsigned char *)tmp); + free(tmp); /* free this again */ + md5_to_ascii(md5buf, ha1); } /*