Karlson2k
@Alexpux Need any correction?
Added more tests and implemented a special testing tool. _Switch from NTLM to other types should be tested and may need additional fixes. EDIT: no fixes for NTLM are needed._...
Rebased, added new `sws` features to deal with NTLM correctly.
Maybe new feature `connection-number` may simplify (or improve) existing tests where the tracking of connection's number is required.
> This really needs a test case or two to prove itself working and to make sure we don't break it later. @bagder Tests were added, ready for review.
> Is there a security impact with this change? The second two points especially sounds like there might be. * remember generated `H(A1)` value and reuse it for the next...
PR has been simplified by moving some commits to separate PRs
I've checked popular web server software and found out: * Apache: `MD5-sess is not correctly implemented yet` from the [module page](https://httpd.apache.org/docs/2.4/mod/mod_auth_digest.html). * NGINX: the [module](https://www.nginx.com/resources/wiki/modules/auth_digest/) does [not support any algo](https://github.com/atomx/nginx-http-auth-digest/blob/ac91c88017a6a4f9858a1b883ae8ccba8c6931d0/ngx_http_auth_digest_module.c#L858)...