Sorry about confusion. 2011/10/11 corvid <corvid at lavabit.com>:
furaisanjin wrote:
2011/10/11 corvid <corvid at lavabit.com>:
Is there a site that isn't working?
http://x68000.q-e-d.net/~68user/net/sample/http-auth-digest/secret.html
This is just a test page and user name is hoge and password is fuga.
It seems to work for me. I give user and pass, and then it shows me a page with "Digest" and some Japanese text that I don't know how to read.
Originally I detected digest authentication problem with my DVD recorder. I put some debug code to see the behavior but I put extra quote like algorithm="MD5". This caused the problem to access the page mentioned above.
a_Digest_compute_digest() calculates A1 for MD5 and MD5-sess, but I disabled digest auth for MD5-sess in Auth_parse_digest_challenge_cb() because http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorith... said "MD5-sess is not correctly implemented yet", which prevented me from giving it much testing.
RFC 2617 (http://www.faqs.org/rfcs/rfc2617.html) mentions how A1 is calculated in 3.2.2.2 and MD5-sess requires more parameters and A1 is calculated only once but A1 is also calculated for MD5 and none specified algorithm.
This is what a_Digest_compute_digest() does.
Yes, I was looking at wrong place. The problems of my DVD recorder are 1 it doesn't allow extra space characters between '='. 2 uri needs to have quote 3 the order of parameter seems to have strict rule (username, realm, nonce, uri, cnonce, nc, algorithm, response, qop) Both IE and firefox follow 1 and 2 but only IE follows 3. Regards, furaisanjin