6687282 code review
Michael McMahon
Michael.McMahon at Sun.COM
Wed Apr 16 10:03:11 PDT 2008
Looks ok to me.
- Michael.
Christopher Hegarty - Sun Microsystems Ireland wrote:
> Hi,
>
> I need to get a code review for,
> CR 6687282 : "URLConnection for HTTPS connection through Proxy w/
> Digest Authentication gives 400 Bad Request".
>
> Digest authentication uses the request-URI as part of its algorithm
> when generating the response hash. The request-URI is usually the
> abs_path of the uri, but not always. When tunneling the target servers
> 'host:port' is used as the request-URI, e.g.
> "CONNECT verisign.com:443 HTTP/1.1"
>
> The implementation in sun.net.www.protocol.http.DigestAuthentication
> only uses the abs_path of the uri. This is incorrect and the target
> servers 'host:port' should be used when tunneling. Also, the request
> method ( GET/POST/CONNECT ) is used when generating the response hash.
> This needs to be "CONNECT" when tunneling.
>
> (diffs below)
>
> Thanks,
> -Chris.
More information about the net-dev
mailing list