Open taleintervenor opened 1 month ago
Per RFC2869 §5.14
When the checksum is calculated the signature string should be considered to be sixteen octets of zero.
The first call to rfc2869.MessageAuthenticator_Set
inserts the attribute in the packet. The second call updates the attribute value to the hash you calculated.
I have read the issue 27 and successfully add the Message-Authenticator field to request. But I cannot understand why rfc2869.MessageAuthenticator_Set() has to be called twice.
In my own code:
It seems the second set action should completely overwrite the previous data. But when I coment out the first MessageAuthenticator_Set, the request sent to freeradius server was dropped with error log like:
It turns out that the first MessageAuthenticator_Set() is necessary. So what is the difference it actually made?