diff -ur httpd-2.0.48/modules/aaa/mod_auth_digest.c httpd-fixed/modules/aaa/mod_auth_digest.c
--- httpd-2.0.48/modules/aaa/mod_auth_digest.c	2003-02-15 23:41:18.000000000 -0500
+++ httpd-fixed/modules/aaa/mod_auth_digest.c	2004-01-14 11:04:12.000000000 -0500
@@ -186,6 +186,7 @@
     const char           *username;
           char           *nonce;
     const char           *uri;
+    const char           *method;
     const char           *digest;
     const char           *algorithm;
     const char           *cnonce;
@@ -1002,6 +1003,7 @@
     resp->raw_request_uri = r->unparsed_uri;
     resp->psd_request_uri = &r->parsed_uri;
     resp->needed_auth = 0;
+    resp->method = r->method;
     ap_set_module_config(r->request_config, &auth_digest_module, resp);
 
     res = get_digest_rec(r, resp);
@@ -1462,7 +1464,7 @@
 {
     const char *ha2;
 
-    ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, r->method, ":",
+    ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
                                                        resp->uri, NULL));
     return ap_md5(r->pool,
                   (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
@@ -1487,12 +1489,12 @@
     }
 
     if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) {
-        a2 = apr_pstrcat(r->pool, r->method, ":", resp->uri, ":",
+        a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, ":",
                          ap_md5(r->pool, (const unsigned char*) ""), NULL);
                          /* TBD */
     }
     else {
-        a2 = apr_pstrcat(r->pool, r->method, ":", resp->uri, NULL);
+        a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
     }
     ha2 = ap_md5(r->pool, (const unsigned char *)a2);