On Sep 10, 2003 at 07:50, Jakob Schlyter jakob@rfc.se wrote:
On Wed, 10 Sep 2003, Jan Janak wrote:
domain in username attribute must be same as the value of realm attribute.
because of the implementation in ser? I understand this is not the case for digest authentication in general, no? According to RFC2617, the realm doesn' even have to be a domain.
anyway, after changing the realm to "" I get the data below. it seems to me that the internal calculate_ha1 (I use calculate_ha1=1) gets the wrong hash?
WWW-Authenticate: Digest realm="schlyter.net", nonce="3f5ebb4f2b39fb9cddbaf991430cebc22b0c3d30", qop="auth"
Authorization: Digest username="jakob@schlyter.net",realm="schlyter.net", uri="sip:schlyter.net",response="3d38e621a815df0c2589656c294b9129", nonce="3f5ebb4f2b39fb9cddbaf991430cebc22b0c3d30",cnonce="77390415", qop=auth,nc=00000001,algorithm=m
0(27788) HA1 string calculated: 5e860120544c1454fee11f18b334e4ed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
0(27788) check_response(): Our result = '2544fd772b025e8ce54da191166ea319'
however,
itodenwa> ./gen_ha1 jakob schlyter.net ser2003 5e860120544c1454fee11f18b334e4ed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
calculate_ha1 gets the correct hash.
if I run this again, "check_response(): Our result" gives me another value for the hash - I guess this should stay the same?
No, it should stay the same only if you have the same nonce, nc, cnonce, qop, request method and digest uri value.
check_response returns (when qop is present): MD5 ( ha1 ":" unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" ha2 )
ha2 = MD5(method ":" digest-uri-value) (in this case)
Andrei