[Live-devel] Vivatek digest authentication

Ross Finlayson

2012-03-24 07:51:31 UTC

Post by Krishna Patel
Live555 version 2012.02.29 is not compatible with Vivotek camera digest authentication.

(Why do I always get these sorts of reports from 3rd parties, and never from the camera manufacturers themselves?)

Post by Krishna Patel
- Rtsp: RESPONSE, RTSP/1.0, Status Code = 401 - Unauthorized
- Response: Status of response : Unauthorized
ProtocolVersion: RTSP/1.0
StatusCode: 401, Unauthorized
Reason: Unauthorized
CSeq: 3
WWW-Authenticate: Digest qop="auth",realm="streaming_server",nonce="bfd4e04b78959b55aeb1167adfabcec5"

The problem is the
qop="auth",
part of the "WWW-Authenticate:" header. This is non-standard in RTSP, because:
1/ The RTSP specification (RFC 2326) uses RFC 2069 to define the digest authentication mechanism.
2/ RFC 2069 does not define the "qop" parameter. (Although that parameter was later defined in RFC 2617 (which updated RFC 2609), it was not defined in the version of the document that was referenced by the RTSP specification.)

Therefore, Vivotek should update their cameras to remove the
qop="auth",
string from their "WWW-Authenticate:" strings, and thereby properly conform to the RTSP standard. (Note that if they do this, they will still be compatible with any RTSP client implementation that happens to use the RFC 2617 specification, because - in that document - qop="auth" is defined to be the default behavior, to be used if the "qop" parameter is not present.)

(Feel free to forward this message to Vivotek's technical support.)

Ross Finlayson
Live Networks, Inc.
http://www.live555.com/