I’ve run into a problem with CFHTTPMessageAddAuthentication: it works fine with HTTP Basic auth challenges, but when I try to use it with a Digest auth challenge it fails (returns false.) Searching around I ran into a StackOverflow question* posted yesterday that’s almost exactly the same as my situation.
The person who posted that question also tried using CFHTTPMessageApplyCredentials, which returns an error code not just a boolean; he got the error kCFStreamErrorHTTPAuthenticationTypeUnsupported, which definitely sounds like digest auth isn’t supported. On the other hand, why would the API bother to define constants (i.e. kCFHTTPAuthenticationSchemeDigest) for auth schemes it doesn’t support? And why wouldn’t this API support digest auth when NSURLConnection does support it, since I assume they share a common implementation? I really, really don’t want to have to implement RFC2617 myself. But I can’t use NSURLSession (I’m implementing a WebSocket handshake, not vanilla HTTP). All I want to do is save the users of my API from exposing their passwords in cleartext… —Jens * http://stackoverflow.com/questions/31115966/cfhttpmessageaddauthentication-fails-to-add-authentication-data-to-request <http://stackoverflow.com/questions/31115966/cfhttpmessageaddauthentication-fails-to-add-authentication-data-to-request>
_______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/archive%40mail-archive.com This email sent to [email protected]
