This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author petr.viktorin
Recipients petr.viktorin
Date 2009-02-16.23:51:36
SpamBayes Score 6.8631376e-09
Marked as misclassified No
Message-id <>
I introduced Python to my dad, and the first thing he did with it was to
try to connect to a proprietary HTTP-based server, which uses Digest
authentication. It looks like urllib2's Digest support isn't well
tested. So, after not much more than a "Hello World", he ended up
patching urrlib2 (and learning a lot more about Python than he would

Anyways, here are the problems:

- Currently, AbstractBasicAuthHandler and AbstractDigestAuthHandler each
a different method to find out whether they should kick in. This matters
when the server supports both methods, and sends out two authentication
headers. Basic uses a regexp that matches the last haeder, and Digest
looks at the first one. So, if the server happens to support both, and
sends the digest header after the basic one, each of the handlers
assumes the other one should handle it and none does.
The fix in the patch is crude, but it should work better than now.

- nonce_count should be reset when the server issues a new nonce
(See RFC 2617, page 12, nonce-count). So, the nonce value should be
stored and nonce_count should be reset if it doesn't match

- Added a max_attempts attribute and set it to 2 by default (instead of
5). Two may or may not work better in general, but it should probably be
configurable. This particular change is not too critical, obviously.

- The HTTPError returned from the digest handler is not a file-like
object, due to http_error_auth_reqed not taking a "fp" argument. The
patch fixes that and the two calls to it.

Credit Libor Viktorin if some of the patch makes it.
Date User Action Args
2009-02-16 23:52:39petr.viktorinsetrecipients: + petr.viktorin
2009-02-16 23:52:39petr.viktorinsetmessageid: <>
2009-02-16 23:51:38petr.viktorinlinkissue5286 messages
2009-02-16 23:51:37petr.viktorincreate