Back Midas Rome Roody Rootana
  Midas DAQ System  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
Entry  13 Jun 2016, Konstantin Olchanski, Info, mongoose v6.4 is ready for use 
    Reply  13 Sep 2016, Konstantin Olchanski, Info, mongoose v6.4 is ready for use 
       Reply  26 Sep 2016, Wes Gohn, Info, mongoose v6.4 is ready for use 
          Reply  26 Sep 2016, Konstantin Olchanski, Info, mongoose v6.4 is ready for use 
Message ID: 1199     Entry time: 13 Sep 2016     In reply to: 1182     Reply to this: 1201
Author: Konstantin Olchanski 
Topic: Info 
Subject: mongoose v6.4 is ready for use  
> latest version of mongoose web server library (v6.4) is now implemented in midas.

A number of bugs were found in the mongoose v6 implementation of HTTP digest authentication:

- unusual URL in the form "https://blah:8443/?" (notice trailing "?") were rejected. These URLs are sometimes generated by 
MIDAS.
- URLs longer than 200 bytes were rejected
- a check for matching URIs between the HTTP request and in digest authentication was missing (required by specs)

If you are using mhttpd with mongoose v6 https, please update mhttpd.cxx to the latest version.

We continue to recommend that mhttpd be used behind a proper HTTPS proxy with password protection (i.e. apache httpd).

mongoose v4 does not seem to have the same bugs, old server does not support https so does not have these bugs.

K.O.
ELOG V3.1.4-2e1708b5