Reject supported hash in Proxy-Authorization header

This should not normally happen, as the hash is expected to match what Ncat offered in prior Proxy-Authenticate. Closes #2440
2025-12-06 04:31:29 +00:00 · 2022-02-08 00:37:36 +00:00
parent 828dedfc8a
commit 854ed0a58a
2 changed files with 5 additions and 3 deletions
--- a/ncat/http.c
+++ b/ncat/http.c
@@ -1456,7 +1456,7 @@ static const char *http_read_credentials(const char *s,
                if (str_equal_i(value, "MD5"))
                    credentials->u.digest.algorithm = ALGORITHM_MD5;
                else
-                    credentials->u.digest.algorithm = ALGORITHM_MD5;
+                    credentials->u.digest.algorithm = ALGORITHM_UNKNOWN;
            } else if (str_equal_i(name, "qop")) {
                if (str_equal_i(value, "auth"))
                    credentials->u.digest.qop = QOP_AUTH;