[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] Possible bug in http digest

From: Manuel Argüelles
Subject: [libmicrohttpd] Possible bug in http digest
Date: Thu, 31 Jul 2014 18:31:29 -0500
User-agent: Mutt/1.5.23 (2014-03-12)


I'm having a problem with digest authentication. I'm using
libmicrohttpd version 0.9.37.

I'm trying to use digest authentication for post method, followed the
examples but got a weird behavior; in the request handler I check if
it is a post message (not using auth for get), if so, try to
authenticate and then handle it to the post_processor.

On the first run MHD_digest_auth_get_username() returns null, the
response is successfully added with MHD_queue_auth_fail_response() and
MHD_YES is returned.

On the second run, MHD_digest_auth_get_username() returns the user
name, MHD_digest_auth_check() returns MHD_YES and post processor is
created with MHD_create_post_processor() and MHD_YES is returned.

At this point and based on curl output with -v, client gets a 100

Client continues, MHD_digest_auth_get_username() returns the user but
now MHD_digest_auth_check() returns MHD_NO with debug message:

"Stale nonce received.  If this happens a lot, you should probably
increase the size of the nonce array."

And MHD_queue_auth_fail_response() returns MHD_NO as well, which
leaves me with nothing for the client: "Empty reply from server".

I have MHD_OPTION_NONCE_NC_SIZE set to 60000, but to me it looks like
if everything (digest related) gets cleared up after the second run
(when I create the post processor and return MHD_YES) so it fails
because there isn't an initial MHD_queue_auth_fail_response()...

Does this looks plausible? If so, is it a bug or an expected behavior?
am I doing something wrong?

Or, should I keep track of the authenticated connections? Because if I
only try to authenticate when *con_cls is null then everything works
fine, but I'm not sure if this is the correct way.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]