+2013-07-12 Giuseppe Scrivano <gscrivano@gnu.org>
+
+ * http.c (digest_authentication_encode): Set default value of
+ `algorithm' to "MD5". Check if `qop' is not-NULL before access it.
+
2013-07-11 Karsten Hopp <karsten@redhat.com>
* openssl.c (struct openssl_read_args, struct scwt_context): New struct.
param_token name, value;
- realm = opaque = nonce = qop = algorithm = NULL;
+ realm = opaque = nonce = qop = NULL;
+ algorithm = "MD5";
au += 6; /* skip over `Digest' */
while (extract_param (&au, &name, &value, ','))
md5_finish_ctx (&ctx, hash);
dump_hash (a2buf, hash);
- if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int"))
+ if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")))
{
/* RFC 2617 Digest Access Authentication */
/* generate random hex string */
res = xmalloc (res_size);
- if (!strcmp(qop,"auth"))
+ if (qop && !strcmp (qop, "auth"))
{
res_len = snprintf (res, res_size, "Digest "\
"username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\