On 24/04/2012 21:11, Mark Thomas wrote:
> On 24/04/2012 20:51, Brian Burch wrote:
>> Sorry I haven't been able to quote the details of this commit made by
>> markt a month ago, but I didn't keep a copy in my inbox.
>>
>> I previously submitted an enhancement to the corresponding test suite
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=53096
>> I fully expected all my test cases would succeed against mark's trivial
>> bugfix.
>>
>> I recently brought my trunk sandbox up to svn: r1329909 and was puzzled
>> to discover the relevant test case still FAILED!
>>
>> I've done a lot of digging and debugging, and come to the conclusion
>> this problem is more subtle than originally thought. Does anyone know
>> whether the current fix has been validated against a real android
>> device? I suspect it doesn't work.
> 
> I certainly didn't at the time, but I can quite easily.
> 
>> The issues are:
>>
>> 1. the one line change:
>> -        String md5a1 = getDigest(username, realm);
>> +        // In digest auth, digests are always lower case
>> +        String md5a1 = getDigest(username,
>> realm).toLowerCase(Locale.ENGLISH);
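Review bot: the added line dereferences the return value of `getDigest(username, realm)` directly, so if getDigest can return null (for example when no credential is stored for the user) the chained `.toLowerCase(Locale.ENGLISH)` throws a NullPointerException where the removed line simply assigned null. Assign the result first, check it for null, then lower-case it. The new comment would also be more useful if it said which digest is being normalised: the value returned by getDigest, not anything the client sent.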
>>
>> If I remember correctly, the intention was to make tomcat more
>> tolerant of clients that presented digest strings with upper case
>> hexadecimal digits provided they were otherwise correct. The change in
>> r1329909 seems to me as if it does nothing of relevance to that objective.
> 
> Agreed.
(if that was the objective).

However, that was not the objective. The objective was to handle
programs that created hashes for the user database that used capitals.

The Android DIGEST auth issue was related to URIs. See
https://issues.apache.org/bugzilla/show_bug.cgi?id=52954

> Let me see what happens with 2.3.5 and 4.0.3 and decide then.
> 
> Watch this space...

BZ 52954 is not an issue in Android 4.0.3 but it is in 2.3.5. Given that
2.3.x is by far the most prevalent Android version at the moment we
should certainly take a look at fixing BZ 52954.

Upper/lower case digests from android clients is a red herring.

Mark
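
The case mismatch described above, as an added example that is not part of the original thread and is not Tomcat's code: it follows the RFC 2617 calculation without qop, and the class name, method names and all sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class DigestCaseDemo {

    // Lower-case hex MD5, the form RFC 2617 digest calculations use.
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        StringBuilder sb = new StringBuilder();
        for (byte b : md.digest(s.getBytes(StandardCharsets.ISO_8859_1))) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Server-side expected response (no qop): MD5(HA1 ":" nonce ":" HA2).
    // HA1 is hashed again as text, so the letter case of the stored value matters.
    static String expected(String storedHa1, String nonce, String method,
                           String uri, boolean normalise) throws NoSuchAlgorithmException {
        if (storedHa1 == null) {
            return null; // unknown user: nothing to compare against
        }
        String ha1 = normalise ? storedHa1.toLowerCase(Locale.ENGLISH) : storedHa1;
        return md5Hex(ha1 + ":" + nonce + ":" + md5Hex(method + ":" + uri));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values, not taken from the thread.
        String user = "alice", realm = "example-realm", password = "s3cret";
        String nonce = "constructed-nonce", method = "GET", uri = "/protected/index.html";

        // What a client following the RFC sends: built from HA1 in lower-case hex.
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String clientResponse = md5Hex(ha1 + ":" + nonce + ":" + md5Hex(method + ":" + uri));

        // A user database filled by a tool that wrote the same digest in capitals.
        String storedUpper = ha1.toUpperCase(Locale.ENGLISH);

        System.out.println("match without normalising stored digest: "
                + clientResponse.equals(expected(storedUpper, nonce, method, uri, false)));
        System.out.println("match with normalising stored digest:    "
                + clientResponse.equals(expected(storedUpper, nonce, method, uri, true)));
    }
}
```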
