Issue with digest authentication (bug with expired nonce?)
Helge Heß
me at helgehess.eu
Mon Jul 20 10:39:55 EDT 2009
Hi,
I have an issue with DIGEST authentication against the Darwin
CalendarServer (written in Python, using Twisted).
When I setup the ne_session and connect the first time, the server
sends a www-authenticate like this (wrapped for convenience):
www-authenticate: digest
nonce="407622548612917478438055499919308296286286088450101550104",
realm="/Search",
algorithm="md5"
The Neon connection properly asks my password-callback and the request
succeeds.
Now after ~15min the server expires the nonce. A request sent will
fail with a 401 and such a www-authenticate:
www-authenticate: digest
nonce="608813104748652097786845376369540413326582419906442545814",
stale="true",
realm="/Search",
algorithm="md5"
New nonce, and stale set to true.
Problem is, that Neon doesn't seem to catch this. It ends up passing
the 401 response to me, with a NE_AUTH return code. I would expect an
automatic reauth with the new nonce?
Thanks,
Helge
More information about the neon
mailing list