10 Sep
2003
10 Sep
'03
2:45 p.m.
On Sep 10, 2003 at 07:50, Jakob Schlyter <jakob(a)rfc.se> wrote:
On Wed, 10 Sep 2003, Jan Janak wrote:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
domain in username attribute must be same as the
value of realm
attribute.
because of the implementation in ser? I understand this is not the case
for digest authentication in general, no? According to RFC2617, the realm
doesn' even have to be a domain.
anyway, after changing the realm to "" I get the data below. it seems to
me that the internal calculate_ha1 (I use calculate_ha1=1) gets the wrong
hash?
WWW-Authenticate: Digest realm="schlyter.net",
nonce="3f5ebb4f2b39fb9cddbaf991430cebc22b0c3d30", qop="auth"
Authorization: Digest
username="jakob(a)schlyter.net",realm="schlyter.net"t;schlyter.net",
uri="sip:schlyter.net",response="3d38e621a815df0c2589656c294b9129",
nonce="3f5ebb4f2b39fb9cddbaf991430cebc22b0c3d30",cnonce="77390415",
qop=auth,nc=00000001,algorithm=m
0(27788) HA1 string calculated: 5e860120544c1454fee11f18b334e4ed 0(27788) check_response(): Our result =
'2544fd772b025e8ce54da191166ea319'
however,
itodenwa> ./gen_ha1 jakob schlyter.net ser2003
5e860120544c1454fee11f18b334e4ed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
calculate_ha1 gets the correct hash.
if I run this again, "check_response(): Our result" gives me another value
for the hash - I guess this should stay the same?
No, it should stay the same only if you have the same nonce, nc, cnonce,
qop, request method and digest uri value.
check_response returns (when qop is present):
MD5 ( ha1 ":" unq(nonce-value) ":" nc-value ":"
unq(cnonce-value) ":"
unq(qop-value) ":" ha2 )
ha2 = MD5(method ":" digest-uri-value) (in this case)
Andrei