6687282 code review
Michael.McMahon at Sun.COM
Wed Apr 16 10:03:11 PDT 2008
Looks ok to me.
Christopher Hegarty - Sun Microsystems Ireland wrote:
> I need to get a code review for,
> CR 6687282 : "URLConnection for HTTPS connection through Proxy w/
> Digest Authentication gives 400 Bad Request".
> Digest authentication uses the request-URI as part of its algorithm
> when generating the response hash. The request-URI is usually the
> abs_path of the uri, but not always. When tunneling the target servers
> 'host:port' is used as the request-URI, e.g.
> "CONNECT verisign.com:443 HTTP/1.1"
> The implementation in sun.net.www.protocol.http.DigestAuthentication
> only uses the abs_path of the uri. This is incorrect and the target
> servers 'host:port' should be used when tunneling. Also, the request
> method ( GET/POST/CONNECT ) is used when generating the response hash.
> This needs to be "CONNECT" when tunneling.
> (diffs below)
More information about the net-dev