esp_http_client: Add config option for HTTP Digest auth

components/esp_http_client/Kconfig

@@ -14,4 +14,11 @@ menu "ESP HTTP client"
             This option will enable HTTP Basic Authentication. It is disabled by default as Basic
             auth uses unencrypted encoding, so it introduces a vulnerability when not using TLS
 
+    config ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
+        bool "Enable HTTP Digest Authentication"
+        default y
+        help
+            This option will enable HTTP Digest Authentication. It is enabled by default, but use of this
+            configuration is not recommended as the password can be derived from the exchange, so it introduces
+            a vulnerability when not using TLS
 endmenu

components/esp_http_client/esp_http_client.c

@@ -510,11 +510,13 @@ static esp_err_t esp_http_client_prepare(esp_http_client_handle_t client)
 
         if (client->connection_info.auth_type == HTTP_AUTH_TYPE_BASIC) {
             auth_response = http_auth_basic(client->connection_info.username, client->connection_info.password);
+#ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
         } else if (client->connection_info.auth_type == HTTP_AUTH_TYPE_DIGEST && client->auth_data) {
             client->auth_data->uri = client->connection_info.path;
             client->auth_data->cnonce = ((uint64_t)esp_random() << 32) + esp_random();
             auth_response = http_auth_digest(client->connection_info.username, client->connection_info.password, client->auth_data);
             client->auth_data->nc ++;
+#endif
         }
 
         if (auth_response) {
@@ -1410,19 +1412,27 @@ void esp_http_client_add_auth(esp_http_client_handle_t client)
         http_utils_trim_whitespace(&auth_header);
         ESP_LOGD(TAG, "UNAUTHORIZED: %s", auth_header);
         client->redirect_counter++;
+#ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
         if (http_utils_str_starts_with(auth_header, "Digest") == 0) {
             ESP_LOGD(TAG, "type = Digest");
             client->connection_info.auth_type = HTTP_AUTH_TYPE_DIGEST;
+        } else {
+#endif
 #ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
-        } else if (http_utils_str_starts_with(auth_header, "Basic") == 0) {
+        if (http_utils_str_starts_with(auth_header, "Basic") == 0) {
             ESP_LOGD(TAG, "type = Basic");
             client->connection_info.auth_type = HTTP_AUTH_TYPE_BASIC;
-#endif
         } else {
+#endif
             client->connection_info.auth_type = HTTP_AUTH_TYPE_NONE;
             ESP_LOGE(TAG, "This authentication method is not supported: %s", auth_header);
             return;
+#ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
         }
+#endif
+#ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
+        }
+#endif
 
         _clear_auth_data(client);
 

examples/protocols/esp_http_client/main/esp_http_client_example.c

@@ -341,6 +341,7 @@ static void http_auth_basic_redirect(void)
 }
 #endif
 
+#if CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
 static void http_auth_digest(void)
 {
     esp_http_client_config_t config = {
@@ -359,6 +360,7 @@ static void http_auth_digest(void)
     }
     esp_http_client_cleanup(client);
 }
+#endif
 
 static void https_with_url(void)
 {
@@ -681,7 +683,9 @@ static void http_test_task(void *pvParameters)
     http_auth_basic();
     http_auth_basic_redirect();
 #endif
+#if CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
     http_auth_digest();
+#endif
     http_relative_redirect();
     http_absolute_redirect();
     https_with_url();

examples/protocols/esp_http_client/sdkconfig.ci

@@ -8,3 +8,4 @@ CONFIG_EXAMPLE_ETH_PHY_RST_GPIO=5
 CONFIG_EXAMPLE_ETH_PHY_ADDR=1
 CONFIG_EXAMPLE_CONNECT_IPV6=y
 CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH=y
+CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH=y