[Calendar and Contacts Server] #422: Digest authentication algorithm md5 & RFC2617
#422: Digest authentication algorithm md5 & RFC2617 -----------------------------------------+---------------------------------- Reporter: marten.gajda@… | Owner: wsanchez@… Type: Defect | Status: new Priority: 5: Not set | Milestone: Component: Calendar Server | Severity: Other Keywords: Digest authentication md5 | Radar: -----------------------------------------+---------------------------------- I'm writing a CardDAV-Sync adapter for Android and came across the following issue when connecting to caldavd: Android's HTTP implementation can not handle digest authentication when algorithm is set to "md5" instead of "MD5". I do not know whether Android is wrong or caldavd. RFC2617 states: algorithm = "algorithm" "=" ( "MD5" | "MD5-sess" | token ) but does not say anything about case-sensitivity. I'd like to know your opinion about this. I'm not sure if I can work around this issue somehow. For the moment my only solution is to advise my users to change the algorithm to MD5. Thanks Marten -- Ticket URL: <http://trac.calendarserver.org/ticket/422> Calendar and Contacts Server </> HTTP/WebDAV/CalDAV Server
#422: Digest authentication algorithm md5 & RFC2617 -----------------------------------------+---------------------------------- Reporter: marten.gajda@… | Owner: cdaboo@… Type: Defect | Status: new Priority: 2: Expected | Milestone: CalendarServer-3.x Component: Calendar Server | Severity: Other Keywords: Digest authentication md5 | Radar: -----------------------------------------+---------------------------------- Changes (by wsanchez@…): * priority: 5: Not set => 2: Expected * owner: wsanchez@… => cdaboo@… * milestone: => CalendarServer-3.x Old description:
I'm writing a CardDAV-Sync adapter for Android and came across the following issue when connecting to caldavd: Android's HTTP implementation can not handle digest authentication when algorithm is set to "md5" instead of "MD5".
I do not know whether Android is wrong or caldavd. RFC2617 states:
algorithm = "algorithm" "=" ( "MD5" | "MD5-sess" | token )
but does not say anything about case-sensitivity.
I'd like to know your opinion about this. I'm not sure if I can work around this issue somehow. For the moment my only solution is to advise my users to change the algorithm to MD5.
Thanks
Marten
New description: I'm writing a CardDAV-Sync adapter for Android and came across the following issue when connecting to caldavd: Android's HTTP implementation can not handle digest authentication when algorithm is set to "md5" instead of "MD5". I do not know whether Android is wrong or caldavd. RFC2617 states: {{{ algorithm = "algorithm" "=" ( "MD5" | "MD5-sess" | token ) }}} but does not say anything about case-sensitivity. I'd like to know your opinion about this. I'm not sure if I can work around this issue somehow. For the moment my only solution is to advise my users to change the algorithm to MD5. Thanks Marten -- -- Ticket URL: <http://trac.calendarserver.org/ticket/422#comment:1> Calendar and Contacts Server </> HTTP/WebDAV/CalDAV Server
#422: Digest authentication algorithm md5 & RFC2617 ------------------------------------------+--------------------------------- Reporter: marten.gajda@… | Owner: cdaboo@… Type: Defect | Status: closed Priority: 2: Expected | Milestone: CalendarServer-3.x Component: Calendar Server | Severity: Other Resolution: Behaves correctly | Keywords: Digest authentication md5 Radar: | ------------------------------------------+--------------------------------- Changes (by wsanchez@…): * status: new => closed * resolution: => Behaves correctly Comment: See http://www.ietf.org/rfc/rfc2617.txt, section 1.2: HTTP provides a simple challenge-response authentication mechanism that MAY be used by a server to challenge a client request and by a client to provide authentication information. It uses an extensible, case-insensitive token to identify the authentication scheme, followed by a comma-separated list of attribute-value pairs which carry the parameters necessary for achieving authentication via that scheme. -- Ticket URL: <http://trac.calendarserver.org/ticket/422#comment:2> Calendar and Contacts Server </> HTTP/WebDAV/CalDAV Server
#422: Digest authentication algorithm md5 & RFC2617 ------------------------------------------+--------------------------------- Reporter: marten.gajda@… | Owner: cdaboo@… Type: Defect | Status: closed Priority: 2: Expected | Milestone: CalendarServer-3.x Component: Calendar Server | Severity: Other Resolution: Behaves correctly | Keywords: Digest authentication md5 Radar: | ------------------------------------------+--------------------------------- Comment(by cdaboo@…): My fault: that comment in RFC2617 actually refers to the auth method not the algorithm value. The spec does not indicate whether the algorithm is case-sensitive or not (some other parameters it does give an explicit statement). However, 2517 uses the same ABNF as 2616 and in 2616 Section 2.1 it states "literal" Quotation marks surround literal text. Unless stated otherwise, the text is case-insensitive. So that implies that the "literals" in the 2617 syntax are case- insensitive by default. -- Ticket URL: <http://trac.calendarserver.org/ticket/422#comment:3> Calendar and Contacts Server </> HTTP/WebDAV/CalDAV Server
#422: Digest authentication algorithm md5 & RFC2617 ------------------------------------------+--------------------------------- Reporter: marten.gajda@… | Owner: cdaboo@… Type: Defect | Status: closed Priority: 2: Expected | Milestone: CalendarServer-3.x Component: Calendar Server | Severity: Other Resolution: Behaves correctly | Keywords: Digest authentication md5 Radar: | ------------------------------------------+--------------------------------- Comment(by marten.gajda@…): Good point. I'll file an Android bug. Thanks. -- Ticket URL: <http://trac.calendarserver.org/ticket/422#comment:4> Calendar and Contacts Server </> HTTP/WebDAV/CalDAV Server
participants (1)
-
Calendar and Contacts Server