Issue with digest authentication (bug with expired nonce?)
Helge Heß
me at helgehess.eu
Tue Jul 21 05:02:20 EDT 2009
On 20.07.2009, at 18:12, Joe Orton wrote:
> On Mon, Jul 20, 2009 at 04:39:55PM +0200, Helge Heß wrote:
> ...
>> www-authenticate: digest
>> nonce="608813104748652097786845376369540413326582419906442545814",
>> stale="true",
>> realm="/Search",
>> algorithm="md5"
>>
>> New nonce, and stale set to true.
>>
>> Problem is, that Neon doesn't seem to catch this. It ends up
>> passing the
>> 401 response to me, with a NE_AUTH return code. I would expect an
>> automatic reauth with the new nonce?
>
> Yup, that should be what happens with the current code. (stale
> handling
> was broken pre-0.27.0 but I presume you are using a modern version of
> neon?)
Its 0.28.4 on Windoze.
> What's the session error string set to at the point NE_AUTH is
> returned?
"Could not authenticate to server: initial Digest challenge was stale"
> Capturing a debug log of this (NE_DBG_HTTP|NE_DBG_HTTPAUTH) would be
> the
> best way to diagnose further.
Its a bit hard to do on my Windoze setup :-/
Thanks,
Helge
More information about the neon
mailing list