net-http-digest_auth icon indicating copy to clipboard operation
net-http-digest_auth copied to clipboard
verified publisher icon drbrain

Start the nonce count with value 1

Open paulvt opened this issue 7 years ago • 4 comments

The nounce count contains the number of times the client has sent the nonce value in the request (see Section 3.2.2 of RFC 2617). This should start with 1 because the initial request contains the value.

Also, IIS 10.0 seems to ignore requests where nonce count is 0 and resends a "HTTP 401 Authorization Required" response.

paulvt avatar Mar 21 '18 12:03 paulvt

See also: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc780170(v=ws.10)

paulvt avatar Mar 21 '18 12:03 paulvt

This fixed an issue for me trying to talk to the MongoDB Atlas API. It would not authenticate until I used this patch. Do recommend merging.

stormsilver avatar Jan 04 '19 18:01 stormsilver

Also ran into this issue, is this project maintained?

p-mongo avatar Apr 28 '20 02:04 p-mongo

@p-mongo It doesn't seem like it. I am using a locally patched gem as a result, unfortunately.

paulvt avatar Apr 28 '20 07:04 paulvt