Your message dated Fri, 06 Jul 2012 00:33:49 +0200
with message-id <[email protected]>
and subject line Re: Bug#609836: [bug #33830] Obsolete Digest Access 
Authentication
has caused the Debian Bug report #609836,
regarding Obsolete Digest Access Authentication in wget
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
609836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609836
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wget
Version: 1.12-2.1

Wget uses some funny mixture from HTTP/1.0 and
obsolete Digest Access Authentication from RFC 2069
instead actual RFC 2617 and HTTP/1.1

--------------------------------------------------
Log for wget:
wget -t 1 --http-user=root --http-password=pass http://localhost:8008/dir.txt

GET /dir.txt HTTP/1.0
connection: Keep-Alive
host: localhost:8008
accept: */*
user-agent: Wget/1.12 (linux-gnu)

Responce: HTTP/1.0 401 Unauthorized
WWW-Authenticate: Digest realm="Mobile
web",qop="auth",domain="/",nonce="9FE62FF7754C7986F7F67162E4717814"
Content-Type: text/html
Content-Length: 210
Connection: Keep-Alive
Keep-Alive: timeout=3, max=100

GET /dir.txt HTTP/1.0
authorization: Digest username="root", realm="Mobile web",
nonce="9FE62FF7754C7986F7F67162E4717814", uri="/dir.txt",
response="ded7bb3affcf0f91bfe18dd443a7ffed"
connection: Keep-Alive
host: localhost:8008
accept: */*
user-agent: Wget/1.12 (linux-gnu)
Authentication failed:
md5(cd4dec95ec0056cdd5c130076ee3fe3e:9FE62FF7754C7986F7F67162E4717814:::auth:13be09fe00f018b919d8373bad8a0417)
!=ded7bb3affcf0f91bfe18dd443a7ffed

Responce: HTTP/1.0 401 Unauthorized
WWW-Authenticate: Digest realm="Mobile
web",qop="auth",domain="/",nonce="F7A81D8051617E2C322E85E7F966320D"
Content-Type: text/html
Content-Length: 210
Connection: Keep-Alive
Keep-Alive: timeout=3, max=100

ps: ded7bb3affcf0f91bfe18dd443a7ffed =
md5(cd4dec95ec0056cdd5c130076ee3fe3e:9FE62FF7754C7986F7F67162E4717814:13be09fe00f018b919d8373bad8a0417)

--------------------------------------------------
Log for Mozilla:

GET /dir.txt HTTP/1.1
authorization: Digest username="root", realm="Mobile web",
nonce="30206BADD9E5F56EA69EA96B871BDE40", uri="/dir.txt",
response="5b09228d6c1d87cdaa1eb4fbe8fd8a7c", qop=auth, nc=00000003,
cnonce="59e2e4701161e042"
if-none-match: 5373326-734421-46485
connection: keep-alive
keep-alive: 300
accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
accept-encoding: gzip,deflate
accept-language: en-us,en;q=0.5
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
user-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16)
Gecko/20101227 Conkeror/0.9.2 (Debian-0.9.2+git100804-1)
host: localhost:8008
forget nonce 30206BADD9E5F56EA69EA96B871BDE40
Authentication failed: stale

Responce: HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="Mobile
web",qop="auth",domain="/",stale="true",nonce="4B8E9B93A657D935A0DCB3DD5C5FBD9A"
Content-Type: text/html
Content-Length: 210
Connection: Keep-Alive
Keep-Alive: timeout=3, max=100

GET /dir.txt HTTP/1.1
authorization: Digest username="root", realm="Mobile web",
nonce="4B8E9B93A657D935A0DCB3DD5C5FBD9A", uri="/dir.txt",
response="b16350801eabc5e73ea2e042af5f4195", qop=auth, nc=00000001,
cnonce="670e5b31cbb7716d"
if-none-match: 5373326-734421-46485
connection: keep-alive
keep-alive: 300
accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
accept-encoding: gzip,deflate
accept-language: en-us,en;q=0.5
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
user-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16)
Gecko/20101227 Conkeror/0.9.2 (Debian-0.9.2+git100804-1)
host: localhost:8008

Responce: HTTP/1.1 200 Ok
Authentication-Info: nextnonce="EA69F30661F022C6F2B67685EDFF063F",
rspauth="94e484f6d993fd6554affb7b206d4d3d", cnonce="670e5b31cbb7716d",
nc=00000001, qop="auth"
ETag: 5373326-734421-46485
Content-Type: text/plain
Content-Length: 5373326



--- End Message ---
--- Begin Message ---
fixed 609836 1.13.4-1
thanks

Hello Tim,

Am Freitag, den 29.06.2012, 12:35 +0000 schrieb Tim Ruehsen:

> The mixture of HTTP 1.0 and 1.1 is already fixed in 1.3.14.

Thanks Tim for this. The mixture is fixed and the RFC2617 support will
be in maybe 2 wget releases.

> Yesterday i posted a patch on the mailing list to support RFC 2617.
> I got a positive response from Michael Tarkowski, saying his former problem is
> solved with the patch applied.
> 
> The patch is backward compatible with RFC 2069 (server does not send qop). Any
> other than qop='auth' or algorithm=MD5 is not supported so far. But that
> should cover 95% of all use cases.

> Reply to this item at:
> 
>   <http://savannah.gnu.org/bugs/?33830>


-- 
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---

Reply via email to