digest: compute user:realm:pass digest w/o userhash

https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4 ... the client MUST calculate a hash of the username after any other hash calculation ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> Closes #8066
author: Glenn Strauss <gstrauss@gluelogic.com> 2021-11-28 02:22:40 -0500
committer: Daniel Stenberg <daniel@haxx.se> 2021-11-30 13:57:46 +0100
commit: aae235b6ba92662a6fb7b459614f7ee2e290ae17 (patch)
tree: cfa956fc7a505f4d79336a6a00a8349aba611fb1 /lib
parent: 6ad053060d213ef356d3f3943784620b4deea05a (diff)
download: curl-aae235b6ba92662a6fb7b459614f7ee2e290ae17.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index a04ffab6f..52179c265 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -722,8 +722,7 @@ static CURLcode auth_create_digest_http_message(
            unq(nonce-value) ":" unq(cnonce-value)
   */
 
-  hashthis = aprintf("%s:%s:%s", digest->userhash ? userh : userp,
-                                 digest->realm, passwdp);
+  hashthis = aprintf("%s:%s:%s", userp, digest->realm, passwdp);
   if(!hashthis)
     return CURLE_OUT_OF_MEMORY;
author	Glenn Strauss <gstrauss@gluelogic.com>	2021-11-28 02:22:40 -0500
committer	Daniel Stenberg <daniel@haxx.se>	2021-11-30 13:57:46 +0100
commit	aae235b6ba92662a6fb7b459614f7ee2e290ae17 (patch)
tree	cfa956fc7a505f4d79336a6a00a8349aba611fb1 /lib
parent	6ad053060d213ef356d3f3943784620b4deea05a (diff)
download	curl-aae235b6ba92662a6fb7b459614f7ee2e290ae17.tar.gz