diff options
| author | Pierre-Yves Bigourdan <pierre-yves.bigourdan@bbc.co.uk> | 2020-02-06 15:43:06 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-02-07 22:46:21 +0100 |
| commit | feba3f0549af546677ee2d924344234fd91b8f50 (patch) | |
| tree | 0b9026d8a38a8b13980c9ccd8612b7322c1b0ee4 /lib/vauth | |
| parent | 5ce7102ceae250e2d31b54aad2f33b3bc35f243a (diff) | |
| download | curl-feba3f0549af546677ee2d924344234fd91b8f50.tar.gz | |
digest: Do not quote algorithm in HTTP authorisation
RFC 7616 section 3.4 (The Authorization Header Field) states that "For
historical reasons, a sender MUST NOT generate the quoted string syntax
for the following parameters: algorithm, qop, and nc". This removes the
quoting for the algorithm parameter.
Reviewed-by: Steve Holme
Closes #4890
Diffstat (limited to 'lib/vauth')
| -rw-r--r-- | lib/vauth/digest.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c index 8cd4d83ed..4d3839d90 100644 --- a/lib/vauth/digest.c +++ b/lib/vauth/digest.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -899,7 +899,7 @@ static CURLcode _Curl_auth_create_digest_http_message( if(digest->algorithm) { /* Append the algorithm */ - tmp = aprintf("%s, algorithm=\"%s\"", response, digest->algorithm); + tmp = aprintf("%s, algorithm=%s", response, digest->algorithm); free(response); if(!tmp) return CURLE_OUT_OF_MEMORY; |