cups/http-support.c: Apply DigestOptions to RFC 2069 support #287
Conversation
michaelrsweet
left a comment
There was a problem hiding this comment.
From a coding style perspective, I'd prefer the check after the comment block.
From a backwards-compatibility perspective, you need to be prepared for customer support requests when their otherwise working printers break. I don't believe this will be a major impact (most people don't password protect regular printers and cupsd hasn't supported Digest authentication for quite a while now) but enterprise customers will likely have high expectations... :)
Thx, I'll move it.
I have my finger crossed... |
Earlier we applied DigestOptions only for devices which implement RFC 2617 or RFC 7616, this commit applies it even for RFC 2069 support. This issue came up during CentOS Stream/RHEL 9 development, where MD5 digest is marked as insecure for authentication/authorization, so it should be turned off in default configurations to prevent security issues.
305b863 to
887041a
Compare
Earlier we applied DigestOptions only for devices which implement RFC
2617 or RFC 7616, this commit applies it even for RFC 2069 support.
This issue came up during CentOS Stream/RHEL 9 development, where MD5
digest is marked as insecure for authentication/authorization, so it
should be turned off in default configurations to prevent security
issues.
This PR is a preview how the fix should look if accepted - more I'm
looking for discussion whether we should tackle MD5 usage for devices
supporting only RFC 2069.