What's going on in LWP::Authen::Digest, lines 53-55?

ceeker has asked for the wisdom of the Perl Monks concerning the following question:

The lines are (with some padding, 51-56):

$md5->add($request->content);
my $content = $md5->hexdigest;
$md5->reset;
$md5->add(join(":", @digest[0..1], $content));
$md5->reset;
$resp{"message-digest"} = $md5->hexdigest;
[download]

It seems to me that in line 56 the value stored in that hash is not a MD5 digest of a message, but only the md5 of the empty string.

And this is the resulting HTTP-Authorize:-header:
Authorization: Digest username="someuser", realm="myrealm.de", qop="auth", algorithm="MD5", uri="/look_here", nonce="437ef90b37d69", nc="00000001", cnonce="46c650f4", response="f5b2ba3476fed859942ed823776710da", message-digest="d41d8cd98f00b204e9800998ecf8427e"
The message-digest has indeed the MD5 value of an empty string.

I think one could just comment out line 55. But when I tried that I still got a 401 (Authorization Required) from the server.

When I finally used a localhost proxy and filtered out both message-digest and algorithm from the header I was finally admitted to the realm. Would that be an error on the server side?

Comment on What's going on in LWP::Authen::Digest, lines 53-55? Download Code

Replies are listed 'Best First'.
Re: What's going on in LWP::Authen::Digest, lines 53-55? by Anonymous Monk on Aug 18, 2007 at 11:01 UTC
Upgrade?	[reply]
Re^2: What's going on in LWP::Authen::Digest, lines 53-55? by ceeker (Novice) on Aug 24, 2007 at 16:57 UTC
Upgrading wouldn't help I think... The version I found on cpan.org (libwww-perl-5.808/lib/LWP/Authen) still contained those same lines. I'd be glad about any input.	[reply]