[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] Upgrade to digest authentication
From: |
Christian Grothoff |
Subject: |
Re: [libmicrohttpd] Upgrade to digest authentication |
Date: |
Wed, 11 Nov 2020 15:18:46 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 |
On 11/11/20 3:02 PM, DJM-Avalesta wrote:
> Hi,
>
> I spoke too soon, I still have issues authenticating with certain clients.
>
> The attached wireshark shows, at the very end, it fails to authenticate
> an HTTP GET of an image file (/mjpg/image.cgi) when the username, nonce
> and realm all seem to be correct.
>
> It actually fails in digestauth.c with the message "Authentication
> failed, arguments do no match".
>
> Any ideas?
I suspect the "?view=0" is somehow to blame. IIRC we had issues with
that in the past, where some include the "?view=0" in the URI when
hashing, and others do not. Also not that the "?view=0" is *NOT*
included in the "uri=/mjpeg/image.cgi" given by the client (TCP stream
#10).
So if the client excluded "?view=0" from hashing, and MHD included
"?view=0" when hashing, this disagreement would result in exactly this
behavior.
(I don't recall on the spot what the standard says, and also don't
recall if MHD even look a tthe "uri=" argument in the authorization
header -- I'd need more time to investigate this, so this is just my
hunch/idea here.)
Happy hacking!
Christian
signature.asc
Description: OpenPGP digital signature