[REVIEW] Carefully verify digest responses

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Tue, 02 Mar 2010 18:06:28 +0100

First drop of improved digest auth parser.

Focused on the parser & input validation, but as you can see there is
further room for improvement by moving more processing over to String.

The state of the old parser was rather scary.. not even comparing field
names correctly and several other ugly things...

Comments are very welcome while I validate the parser changes. Expect to
submit this for merge in a day or two.

A note of warning: This changes the quoted-string parser to actually
parse quoted-string.. which impacts the Surrogate-Control parser. If
that uses the parsed value to construct a new header then we also need
to make sure to properly produce quoted-string as the value is now
normalized as a token (quotes & escapes removed) where it before just
har the quotes removed.

Regards
Henrik

Received on Tue Mar 02 2010 - 17:04:18 MST

This archive was generated by hypermail 2.2.0 : Sat Mar 06 2010 - 12:00:03 MST