[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] Possible bug in http digest
From: |
Manuel Argüelles |
Subject: |
[libmicrohttpd] Possible bug in http digest |
Date: |
Thu, 31 Jul 2014 18:31:29 -0500 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Hello,
I'm having a problem with digest authentication. I'm using
libmicrohttpd version 0.9.37.
I'm trying to use digest authentication for post method, followed the
examples but got a weird behavior; in the request handler I check if
it is a post message (not using auth for get), if so, try to
authenticate and then handle it to the post_processor.
On the first run MHD_digest_auth_get_username() returns null, the
response is successfully added with MHD_queue_auth_fail_response() and
MHD_YES is returned.
On the second run, MHD_digest_auth_get_username() returns the user
name, MHD_digest_auth_check() returns MHD_YES and post processor is
created with MHD_create_post_processor() and MHD_YES is returned.
At this point and based on curl output with -v, client gets a 100
continue.
Client continues, MHD_digest_auth_get_username() returns the user but
now MHD_digest_auth_check() returns MHD_NO with debug message:
"Stale nonce received. If this happens a lot, you should probably
increase the size of the nonce array."
And MHD_queue_auth_fail_response() returns MHD_NO as well, which
leaves me with nothing for the client: "Empty reply from server".
I have MHD_OPTION_NONCE_NC_SIZE set to 60000, but to me it looks like
if everything (digest related) gets cleared up after the second run
(when I create the post processor and return MHD_YES) so it fails
because there isn't an initial MHD_queue_auth_fail_response()...
Does this looks plausible? If so, is it a bug or an expected behavior?
am I doing something wrong?
Or, should I keep track of the authenticated connections? Because if I
only try to authenticate when *con_cls is null then everything works
fine, but I'm not sure if this is the correct way.
Regards
- [libmicrohttpd] Possible bug in http digest,
Manuel Argüelles <=