6687282 code review
Christopher Hegarty - Sun Microsystems Ireland
Christopher.Hegarty at Sun.COM
Wed Apr 16 06:04:27 PDT 2008
Hi,
I need to get a code review for,
CR 6687282 : "URLConnection for HTTPS connection through Proxy w/
Digest Authentication gives 400 Bad Request".
Digest authentication uses the request-URI as part of its algorithm when
generating the response hash. The request-URI is usually the abs_path of
the uri, but not always. When tunneling the target servers 'host:port'
is used as the request-URI, e.g.
"CONNECT verisign.com:443 HTTP/1.1"
The implementation in sun.net.www.protocol.http.DigestAuthentication
only uses the abs_path of the uri. This is incorrect and the target
servers 'host:port' should be used when tunneling. Also, the request
method ( GET/POST/CONNECT ) is used when generating the response hash.
This needs to be "CONNECT" when tunneling.
(diffs below)
Thanks,
-Chris.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: jdkHttpDigest.patch
Url: http://mail.openjdk.java.net/pipermail/net-dev/attachments/20080416/24d65531/jdkHttpDigest.patch
More information about the net-dev
mailing list