Reject supported hash in Proxy-Authorization header

This should not normally happen, as the hash is expected to match what Ncat 
offered in prior Proxy-Authenticate.  Closes #2440

ncat/http.c

@@ -1456,7 +1456,7 @@ static const char *http_read_credentials(const char *s,
                 if (str_equal_i(value, "MD5"))
                     credentials->u.digest.algorithm = ALGORITHM_MD5;
                 else
-                    credentials->u.digest.algorithm = ALGORITHM_MD5;
+                    credentials->u.digest.algorithm = ALGORITHM_UNKNOWN;
             } else if (str_equal_i(name, "qop")) {
                 if (str_equal_i(value, "auth"))
                     credentials->u.digest.qop = QOP_AUTH;

ncat/http_digest.c

@@ -266,7 +266,8 @@ char *http_digest_proxy_authorization(const struct http_challenge *challenge,
     size_t size = 0, offset = 0;
     enum http_digest_qop qop;
 
-    if (challenge->scheme != AUTH_DIGEST || challenge->realm == NULL
+    if (challenge->scheme != AUTH_DIGEST
+        || challenge->realm == NULL
         || challenge->digest.nonce == NULL
         || challenge->digest.algorithm != ALGORITHM_MD5)
         return NULL;
@@ -330,7 +331,8 @@ int http_digest_check_credentials(const char *username, const char *realm,
         || credentials->u.digest.realm == NULL
         || credentials->u.digest.nonce == NULL
         || credentials->u.digest.uri == NULL
-        || credentials->u.digest.response == NULL) {
+        || credentials->u.digest.response == NULL
+        || credentials->u.digest.algorithm != ALGORITHM_MD5) {
         return 0;
     }
     if (credentials->u.digest.qop != QOP_NONE && credentials->u.digest.qop != QOP_AUTH)