> Live555 version 2012.02.29 is not compatible with Vivotek camera digest
> authentication.
(Why do I always get these sorts of reports from 3rd parties, and never from
the camera manufacturers themselves?)
> This is what Vivotek IP8161 camera sends when it cannot authrorize the client:
>
> - Rtsp: RESPONSE, RTSP/1.0, Status Code = 401 - Unauthorized
> - Response: Status of response : Unauthorized
> ProtocolVersion: RTSP/1.0
> StatusCode: 401, Unauthorized
> Reason: Unauthorized
> CSeq: 3
> WWW-Authenticate: Digest
> qop="auth",realm="streaming_server",nonce="bfd4e04b78959b55aeb1167adfabcec5"
The problem is the
qop="auth",
part of the "WWW-Authenticate:" header. This is non-standard in RTSP, because:
1/ The RTSP specification (RFC 2326) uses RFC 2069 to define the digest
authentication mechanism.
2/ RFC 2069 does not define the "qop" parameter. (Although that
parameter was later defined in RFC 2617 (which updated RFC 2609), it was not
defined in the version of the document that was referenced by the RTSP
specification.)
Therefore, Vivotek should update their cameras to remove the
qop="auth",
string from their "WWW-Authenticate:" strings, and thereby properly conform to
the RTSP standard. (Note that if they do this, they will still be compatible
with any RTSP client implementation that happens to use the RFC 2617
specification, because - in that document - qop="auth" is defined to be the
default behavior, to be used if the "qop" parameter is not present.)
(Feel free to forward this message to Vivotek's technical support.)
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel
