2011/10/11 corvid <corvid at lavabit.com>:
Is there a site that isn't working?
http://x68000.q-e-d.net/~68user/net/sample/http-auth-digest/secret.html This is just a test page and user name is hoge and password is fuga.
a_Digest_compute_digest() calculates A1 for MD5 and MD5-sess, but I disabled digest auth for MD5-sess in Auth_parse_digest_challenge_cb() because http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorith... said "MD5-sess is not correctly implemented yet", which prevented me from giving it much testing.
RFC 2617 (http://www.faqs.org/rfcs/rfc2617.html) mentions how A1 is calculated in 3.2.2.2 and MD5-sess requires more parameters and A1 is calculated only once but A1 is also calculated for MD5 and none specified algorithm. Regards, furaisanjin