Merge pull request #163 from fbriere/issue/162-multiple-auth-headers

Support multiple WWW-Authenticate/Proxy-Authenticate headers

1 files changed, 13 insertions, 0 deletions

diff --git a/src/parser/hdr_www_authenticate.cpp b/src/parser/hdr_www_authenticate.cpp
index ae87e99..2deb787 100644
--- a/src/parser/hdr_www_authenticate.cpp
+++ b/src/parser/hdr_www_authenticate.cpp
@@ -17,10 +17,23 @@
 
 #include "hdr_www_authenticate.h"
 #include "definitions.h"
+#include "util.h"
 
 t_hdr_www_authenticate::t_hdr_www_authenticate() : t_header("WWW-Authenticate") {}
 
 void t_hdr_www_authenticate::set_challenge(const t_challenge &c) {
+	// The server may send multiple WWW-Authenticate/Proxy-Authenticate
+	// headers, with different digest algorithms, in decreasing order of
+	// preference.  We must therefore avoid overwriting any supported
+	// challenge once we've got a hold of one.  (We don't simply ignore
+	// all unsupported challenges, however, just in case the server forgot
+	// to include a Digest challenge.)
+	if (populated) {
+		// Don't overwrite the previous challenge if it was supported
+		if (cmp_nocase(challenge.auth_scheme, AUTH_DIGEST) == 0) {
+			return;
+		}
+	}
 	populated = true;
 	challenge = c;
 }