A reader has pointed out a second serious error in my book. Unlike the first, this one is obscure: noone in real life would use Digest Authentication for mod_authnz_day where there are no secrets to protect! But my reader evidently used the code as a template for something and discovered the error.
The error is on Page 195, where
apr_md5 is used to compute an MD5 hash.
apr_md5 in fact computes a binary digest, which then has to be encoded to the hash we need (as in htdigest). This is very simply accomplished by using
ap_md5 in place of
apr_md5 in our code. I have added it to the book pages errata section, and corrected the code downloadable from there.
Fortunately my correspondent was extremely complimentary about the book in general: evidently it is achieving its purpose of helping a programmer surmount the learning curve to working productively with Apache HTTPD.
He also wondered whether I have any plans for a second edition: a question I have contemplated but not acted on as we approach the release of a new stable 2.4 branch. Since 2.4 doesn’t actually obsolete 2.2 (or indeed 2.0) programming skills, my feeling is that the book remains valid, and my time would be better spent writing some supplementary standalone articles to deal with what’s changed. But then, if I do that then it’s a relatively small step to a second edition with additional chapters. Hmmm ….
Thanks to Brad Goodman for alerting me to the error, and for being so nice about it!