From 72f19f864d2f1309723f1cac455eae9676792fd4 Mon Sep 17 00:00:00 2001
From: Arturo Bernal <abernal@apache.org>
Date: Thu, 28 Aug 2025 19:17:20 +0200
Subject: [PATCH] =?UTF-8?q?HTTPCLIENT-2393=20-=20remove=20rspauth=20from?=
 =?UTF-8?q?=20Authorization=20RFC=207616=20compliance:=20rspauth=20is=20se?=
 =?UTF-8?q?rver-side=20(Authentication-Info=20=C2=A73.5)=20only.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../org/apache/hc/client5/http/impl/auth/DigestScheme.java   | 1 -
 .../apache/hc/client5/http/impl/auth/TestDigestScheme.java   | 5 +++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
index 0771f9bd3b..7f57e2f78a 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
@@ -471,7 +471,6 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
             params.add(new BasicNameValuePair("qop", qop == QualityOfProtection.AUTH_INT ? "auth-int" : "auth"));
             params.add(new BasicNameValuePair("nc", nc));
             params.add(new BasicNameValuePair("cnonce", cnonce));
-            params.add(new BasicNameValuePair("rspauth", hasha2));
         }
         if (algorithm != null) {
             params.add(new BasicNameValuePair("algorithm", algorithm));
diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/impl/auth/TestDigestScheme.java b/httpclient5/src/test/java/org/apache/hc/client5/http/impl/auth/TestDigestScheme.java
index 6b0fc5b59d..e44fe89558 100644
--- a/httpclient5/src/test/java/org/apache/hc/client5/http/impl/auth/TestDigestScheme.java
+++ b/httpclient5/src/test/java/org/apache/hc/client5/http/impl/auth/TestDigestScheme.java
@@ -903,7 +903,7 @@ void testDigestAuthenticationWithNonAsciiUsername() throws Exception {
     }
 
     @Test
-    void testRspAuthFieldAndQuoting() throws Exception {
+    void testRspAuthFieldNotPresentClient() throws Exception {
         final ClassicHttpRequest request = new BasicClassicHttpRequest("POST", "/");
         final HttpHost host = new HttpHost("somehost", 80);
         final CredentialsProvider credentialsProvider = CredentialsProviderBuilder.create()
@@ -921,7 +921,8 @@ void testRspAuthFieldAndQuoting() throws Exception {
 
         final Map<String, String> table = parseAuthResponse(authResponse);
 
-        Assertions.assertNotNull(table.get("rspauth"));
+        Assertions.assertNotNull(table);
+        Assertions.assertNull(table.get("rspauth"));
     }
 
     @Test