--- /home/petr/programs/python/2.6/Lib/urllib2.py	2009-02-16 18:54:38.000000000 +0100
+++ /home/petr/programs/python/urllib-fixes/Lib/urllib2.py	2009-02-17 00:46:46.000000000 +0100
@@ -812,10 +812,11 @@
         # XXX could be multiple headers
         authreq = headers.get(authreq, None)
         if authreq:
-            mo = AbstractBasicAuthHandler.rx.search(authreq)
-            if mo:
-                scheme, quote, realm = mo.groups()
-                if scheme.lower() == 'basic':
+            pscheme = authreq.lower().find("basic ")
+            if(pscheme>=0):
+                mo = AbstractBasicAuthHandler.rx.search(authreq)
+                if mo:
+                    scheme, quote, realm = mo.groups()
                     return self.retry_http_basic_auth(host, req, realm)
 
     def retry_http_basic_auth(self, host, req, realm):
@@ -886,27 +887,29 @@
         self.passwd = passwd
         self.add_password = self.passwd.add_password
         self.retried = 0
+        self.nonce = 0
         self.nonce_count = 0
+        self.max_attempts = 2
 
     def reset_retry_count(self):
         self.retried = 0
 
-    def http_error_auth_reqed(self, auth_header, host, req, headers):
+    def http_error_auth_reqed(self, auth_header, host, req, headers, fp=None):
         authreq = headers.get(auth_header, None)
-        if self.retried > 5:
+        if self.retried > self.max_attempts:
             # Don't fail endlessly - if we failed once, we'll probably
             # fail a second time. Hm. Unless the Password Manager is
             # prompting for the information. Crap. This isn't great
             # but it's better than the current 'repeat until recursion
             # depth exceeded' approach <wink>
             raise HTTPError(req.get_full_url(), 401, "digest auth failed",
-                            headers, None)
+                            headers, fp)
         else:
             self.retried += 1
         if authreq:
-            scheme = authreq.split()[0]
-            if scheme.lower() == 'digest':
-                return self.retry_http_digest_auth(req, authreq)
+            pscheme = authreq.lower().find("digest ")
+            if pscheme>-1:
+                return self.retry_http_digest_auth(req, authreq[pscheme:])
 
     def retry_http_digest_auth(self, req, auth):
         token, challenge = auth.split(' ', 1)
@@ -961,7 +964,11 @@
                         # XXX selector: what about proxies and full urls
                         req.get_selector())
         if qop == 'auth':
-            self.nonce_count += 1
+            if nonce==self.nonce: 
+                self.nonce_count += 1
+            else: 
+                self.nonce = nonce
+                self.nonce_count = 1
             ncvalue = '%08x' % self.nonce_count
             cnonce = self.get_cnonce(nonce)
             noncebit = "%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, H(A2))
@@ -1016,7 +1023,7 @@
     def http_error_401(self, req, fp, code, msg, headers):
         host = urlparse.urlparse(req.get_full_url())[1]
         retry = self.http_error_auth_reqed('www-authenticate',
-                                           host, req, headers)
+                                           host, req, headers, fp)
         self.reset_retry_count()
         return retry
 
@@ -1029,7 +1036,7 @@
     def http_error_407(self, req, fp, code, msg, headers):
         host = req.get_host()
         retry = self.http_error_auth_reqed('proxy-authenticate',
-                                           host, req, headers)
+                                           host, req, headers, fp)
         self.reset_retry_count()
         return retry