﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
50	Basic Auth does not seem to work with SHA1 hashes	www.google.com/accounts/o8/id?id=AItOawlOMc4TegxQewE17mpLWT0RLKdQIHsGX88	Maxim Dounin	"We are using Basic Authentication to protect part of our site.  Initially, we set up the passwords using the SHA1 option.  However, authentication failed.  Using MD5 worked OK.

I think the NGINX module is not generating the SHA1 version of the password from the HTTP header correctly.  This is the log dump:

2011/11/04 14:01:22 [debug] 26969#0: *6 rc: 0 user: ""**SR***"" salt: ""{SHA}VAf27VQjI3EG7889p+LAY9HqMOo=""
2011/11/04 14:01:22 [debug] 26969#0: *6 encrypted: ""{SgJ8nAZK5bVg""
2011/11/04 14:01:22 [error] 26969#0: *6 user ""istewartson"": password mismatch, client: 62.73.161.20, server: site400.the
clubuk.com, request: ""GET /guides/index.html HTTP/1.1"", host: ""**SR**"", referrer: ""http://**SR**/report/chapter-1.html""

Looking at the source, we think the code in src/core/ngx_crypt.c in the function ngx_crypt_ssha is not creating the hashed version of the password correctly - it should be {SHA} followed by 20 characters - the encrypted line in the above debug dump looks wrong.

I've removed some sensitive data and replaced it with **SR** (host and user names).



"	defect	closed	minor		nginx-core	1.0.x	fixed			Linux evl3300673 2.6.18-274.3.1.el5 #1 SMP Fri Aug 26 18:49:02 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux	"nginx: nginx version: nginx/1.0.8
nginx: TLS SNI support enabled
nginx: configure arguments: --prefix=/opt/nginx --add-module=../nginx_mod_h264_streaming-2.2.7 --with-http_ssl_module --with-openssl=../openssl-0.9.8r --with-http_flv_module --user=nginx --group=nginx --with-http_realip_module --with-debug
"
