sasl: Fixed missing qop in the client's challenge-response message

Whilst the qop directive isn't required to be present in a client's response, as servers should assume a qop of "auth" if it isn't specified, some may return authentication failure if it is missing.
author: Steve Holme <steve_holme@hotmail.com> 2014-05-11 15:03:16 +0100
committer: Steve Holme <steve_holme@hotmail.com> 2014-05-11 14:48:28 +0100
commit: 8342b6e1dc3fde9e91a75c349f2c9514b902d127 (patch)
tree: d11e9f5c7bdce60bc61bb26a2c30d42079148f5c
parent: ba704878bd2d080cb81af04544d2d37952fd3f2e (diff)
download: curl-8342b6e1dc3fde9e91a75c349f2c9514b902d127.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index d877eff6f..8a6b52217 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -533,9 +533,11 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 
   /* Generate the response */
   response = aprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
-                     "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
+                     "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s,"
+                     "qop=%s",
                      userp, realm, nonce,
-                     cnonce, nonceCount, uri, resp_hash_hex);
+                     cnonce, nonceCount, uri, resp_hash_hex,
+                     qop);
   if(!response)
     return CURLE_OUT_OF_MEMORY;
author	Steve Holme <steve_holme@hotmail.com>	2014-05-11 15:03:16 +0100
committer	Steve Holme <steve_holme@hotmail.com>	2014-05-11 14:48:28 +0100
commit	8342b6e1dc3fde9e91a75c349f2c9514b902d127 (patch)
tree	d11e9f5c7bdce60bc61bb26a2c30d42079148f5c
parent	ba704878bd2d080cb81af04544d2d37952fd3f2e (diff)
download	curl-8342b6e1dc3fde9e91a75c349f2c9514b902d127.tar.gz