[vlc-devel] [PATCH] http access: retain auth struct for the runtime of the module

Thomas Guillem thomas at gllm.fr
Mon Sep 17 08:30:31 CEST 2018

On Sat, Sep 15, 2018, at 15:04, Rémi Denis-Courmont wrote:
> Le vendredi 14 septembre 2018, 20:08:43 EEST Felix Paul Kühne a écrit :
> > The problem of 9bc4991e is that while Basic Authentication works just fine,
> > Digest Authentication will fail as all Digest information is lost on the
> > reconnections.
> And that's completely irrelevant.
> MD5 in HTTP Digest actually should be dropped properly to prevent downgrade 
> attacks, just like it was already dropped in TLS. And it won't be missed since 
> NTLM essentially took that "market segment" (even if NTLM is worse in some 
> ways than Digest). Literally, I have seen HTTP Digest-MD5 used exactly once in 
> twenty years on the Internet, and that's when I enabled in it in my Apache 
> server for experimenting.
> And then non-broken hash in HTTP Digest, while it has been specified, does not 
> seem to be even supported by anybody, including VLC.
> Meanwhile, this patch is an unauthorized revert and reintroduce a memory leak. 
> Please undo.

I tell felix this patch was OK.

This is more likely an unintentional revert that an unauthorized one. The difference is huge think.
Yes, I should have read the git backlog more carefully.

> -- 
> Rémi Denis-Courmont
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel

More information about the vlc-devel mailing list