How to fix the authentication error "request-digest mismatch" using cadaver and WebDAV on nginx?

2

I use nginx 1.3.9 with the extensions nginx-dav-ext-module and nginx-http-auth-digest.

The problem seems to only occur when I try to log in with cadaver, it’s possible to access the DAV share with iOS, OSX and some other DAV-enabled clients.

Here is the server configuration:

# Secure WebDAV server
#
server {
    listen   443;
    server_name  dav.me.in;

    ssl on;
    ssl_certificate     em.in.cert.csr;
    ssl_certificate_key     me.in.cert.key;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    auth_digest_user_file /var/www/.webdav_passwd;

    location / {
        auth_digest "WebDAV";

        root /var/www/dav/;
        autoindex on;

        client_body_temp_path /tmp/nginx/client-tmp 1 2;
            create_full_put_path on;
            client_max_body_size 50m;
            dav_access user:rw group:r  all:r;

        dav_methods PUT DELETE MKCOL COPY MOVE;
        dav_ext_methods PROPFIND OPTIONS;
    }
}

Here is the cadaver log having debug httpauth enabled:

Authentication required for WebDAV on server `dav.me.in':
Username: me
Password: 
auth: Got qop, using 2617-style.
auth: H(A1) is [1700d..........................]
auth: Accepting digest challenge.
auth: Accepted Digest challenge.
Running pre_send hooks
auth: Sending 'Digest' response.
auth: H(A2): bd918..........................
Sending request headers:
OPTIONS / HTTP/1.1
User-Agent: cadaver/0.23.3 neon/0.29.1
Keep-Alive: 
Connection: TE, Keep-Alive
TE: trailers
Host: dav.me.in
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Request sent; retry is 1.
Aborted request (-3): Could not read status line
Persistent connection timed out, retrying.
Sending request-line and headers:
Connecting to xxxxxxxxxxxxxxxxxx
Doing SSL negotiation.
ssl: Verify callback @ 0 => 18
ssl: Verify failures |= 8 => 8
Request sent; retry is 0.
[status-line] < HTTP/1.1 200 OK
[hdr] Server: nginx
Header Name: [server], Value: [nginx]
[hdr] Date: Tue, 25 Dec 2012 23:27:43 GMT
Header Name: [date], Value: [Tue, 25 Dec 2012 23:27:43 GMT]
[hdr] Content-Length: 0
Header Name: [content-length], Value: [0]
[hdr] Connection: keep-alive
Header Name: [connection], Value: [keep-alive]
[hdr] Keep-Alive: timeout=10
Header Name: [keep-alive], Value: [timeout=10]
[hdr] Authentication-Info: qop="auth", rspauth="12f6................................", cnonce="755.........................", nc=00000001Header Name: [authentication-info], Value: [qop="auth", rspauth="12f6................................", cnonce="755.........................", nc=00000001]
[hdr] DAV: 1
Header Name: [dav], Value: [1]
[hdr] Allow: GET,HEAD,PUT,DELETE,MKCOL,COPY,MOVE,PROPFIND,OPTIONS
Header Name: [allow], Value: [GET,HEAD,PUT,DELETE,MKCOL,COPY,MOVE,PROPFIND,OPTIONS]
[hdr] 
End of headers.
Running post_headers hooks
Running post_send hooks
ah_post_send (#1), code is 200 (want 401), WWW-Authenticate is (none)
auth: Got Auth-Info header: qop="auth", rspauth="12f6................................", cnonce="755.........................", nc=00000001
auth: response-digest match: no (expected [b8cd........................] vs actual [12f6................................])
Request ends, status 200 class 2xx, error line:
Digest mutual authentication failure: request-digest mismatch
Running destroy hooks.
Request ends.
Could not open collection:
Digest mutual authentication failure: request-digest mismatch

Lenar Hoyt

Posted 2012-12-25T23:27:21.583

Reputation: 260

No answers