cURL / Mailing Lists / curl-library / Single Mail

curl-library

Wrong Digest Authentication header when using Windows SSPI

From: LRN <lrn1986_at_gmail.com>
Date: Thu, 23 Apr 2015 17:13:46 +0300

The header i get is:
"Digest
username=\"testuser\",realm=\"\",nonce=\"...\",uri=\"/\",cnonce=\"...\",nc=00000001,response=\"...\",qop=\"auth\",opaque=\"...\""

(replaced actual hashes with "..."). Note the empty realm.

The chlg_buf[0].pvBuffer that gets fed to s_pSecFn->InitializeSecurityContext()
by Curl_sasl_create_digest_http_message() is:
"realm=\"test_at_example.com\",qop=\"auth\",nonce=\"...\",opaque=\"...\"

So InitializeSecurityContext() does get the realm reported by the server, but
neglects to set it on the request it generates.

-- 
O< ascii ribbon - stop html email! - www.asciiribbon.org

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

application/pgp-keys attachment: 0x922360B0.asc

application/pgp-signature attachment: OpenPGP digital signature

Received on 2015-04-23

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Wrong Digest Authentication header when using Windows SSPI"
Previous message: Paul Howarth: "[PATCH] nss: fix compilation failure with old versions of NSS"
Next in thread: Daniel Stenberg: "Re: Wrong Digest Authentication header when using Windows SSPI"
Reply: Daniel Stenberg: "Re: Wrong Digest Authentication header when using Windows SSPI"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]