Authentitifcation digest TCP/TLS session reuse#3582
Closed
simon0356 wants to merge 1 commit intowarmcat:mainfrom
Closed
Authentitifcation digest TCP/TLS session reuse#3582simon0356 wants to merge 1 commit intowarmcat:mainfrom
simon0356 wants to merge 1 commit intowarmcat:mainfrom
Conversation
Avoid TCP and TLS session re-opening when HTTP authentification digest challenge is provided by server along with a 401 Unauthorized and a connection : keep-alive header set Signed-off-by: stropee <simon@sirocha.fr> Co-developed-by: Claude Sonnet 4.6 <claude-sonnet-4-6@anthropic.com>
Member
|
How do you feel about this version of the patch on _temp (it's essentially main plus a few patches) branch... does it also work for you? Basically this is more cautious about collecting headers before making a decision, allowing to to defend against chunked / request smuggling. |
Contributor
Author
|
I have tested your proposal on both setup :
It is ok to me, thanks for the review and for the integration. I have in mind to provide you later a minimal example of websockets server with digest auth support in user callback to allow testing this feature in CI. Thanks ! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hello Andy,
As i use HTTP Auth digest along with websockets i want to fix the behaviour using mbedtls that close the TCP socket and TLS session when the digest authentification challenge is received on the client.
I describe my issue and "Claude Sonnet 4.6" has offering the patch here.
I have tested on a linux platform + mbedtls and valgrind to track memory leak (since we reuse the session and reset the header table)
Also tested on a FreeRTOS + LwIP + mbedtls platform.
I would be happy to have your review on this and if possible to merge it in main.
Thanks !
Simon