  1. Qt
  2. QTBUG-32182

Digest authentication calculates the wrong hash when using the CONNECT method on an HTTP proxy

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 4.8.6, 5.2.0
    • 4.8.5
    • Network: Proxies
    • None
    • I found this bug using PhantomJS (which links against Qt) on Mac OS X 10.8, but it is likely to exist in any Qt environment. This bug seems to exist in all recent versions of Qt; it doesn't seem to be a regression.
    • 5cab14b8a1dfbb03e22b10af385fb90900a9f280 a585f2ae4538287ed57237a571e87a03c5a54207

    Description

      QHttpSocketEngine fails to authenticate to an HTTP proxy that is using Digest authentication and the CONNECT method (i.e. when you are tunneling TLS over HTTP). The bug is due to a bad parameter being passed to QAuthenticatorPrivate::calculateResponse - the requestMethod parameter is passed in as "CONNECT " instead of "CONNECT" (note the trailing space).

      Because an MD5 hash is derived from this method when using the qop="auth" flavor of Digest auth, the hash does not match the expected value and authentication always fails in this configuration.

      A very simple patch is attached. I can't offer a unit test, since I'm not really experienced in this code base, but I've verified that the proxy auth works correctly when I rebuild with this patch.
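The mismatch described above, reproduced as an added example (not code from Qt or from the reporter's patch): it computes the RFC 2617 qop="auth" response with both method strings and checks each one the way a proxy would. The account, realm, nonce and tunnel target are constructed sample values, and `proxy_accepts` is a hypothetical stand-in for the proxy's own check.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """Request-digest for qop="auth" as defined in RFC 2617 section 3.2.2."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    # The method is hashed byte for byte, so "CONNECT " and "CONNECT"
    # give unrelated HA2 values and therefore unrelated responses.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def proxy_accepts(client_response, *, method_on_wire, **params):
    """Hypothetical proxy-side check: recompute the digest from the method
    parsed off the request line and compare in constant time."""
    expected = digest_response(method=method_on_wire, **params)
    return hmac.compare_digest(expected, client_response)


# Constructed sample values for a CONNECT tunnel; for CONNECT the digest URI
# is the authority ("host:port") from the request line.
TUNNEL = dict(username="alice", realm="proxy.example", password="s3cret",
              uri="secure.example:443",
              nonce="b7c1d2e3f4a5968778695a4b3c2d1e0f",
              nc="00000001", cnonce="0a4f113b")


def demo():
    """Return whether the proxy accepts each variant of the client digest."""
    buggy = digest_response(method="CONNECT ", **TUNNEL)  # trailing space
    fixed = digest_response(method="CONNECT", **TUNNEL)
    return {
        "buggy_accepted": proxy_accepts(buggy, method_on_wire="CONNECT", **TUNNEL),
        "fixed_accepted": proxy_accepts(fixed, method_on_wire="CONNECT", **TUNNEL),
    }


if __name__ == "__main__":
    print(demo())
```

Because the proxy only sees the final hex digest, a failure of this kind looks the same on the wire as a wrong password: a repeated 407 response with nothing pointing at the method string.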


          People

            peter-har Peter Hartmann
            bradleybuda Bradley Buda