From fdee8c94444d51eeab876cfe15f91026a19c8ac5 Mon Sep 17 00:00:00 2001
From: ljhljh127 <ljhljh1127@naver.com>
Date: Wed, 13 Aug 2025 02:08:50 +0000
Subject: [PATCH] fix: prioritize MD5 digest over SHA256 for better camera
 compatibility

- Change algorithm selection to prefer MD5 digest over SHA256
- Improves compatibility with cameras that don't support QOP
- Aligns with FFmpeg behavior and VDK library approach
- Fixes 401 authentication errors with multi-algorithm cameras
---
 pkg/auth/sender.go | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/pkg/auth/sender.go b/pkg/auth/sender.go
index 1efcf38f..a6c65e5e 100644
--- a/pkg/auth/sender.go
+++ b/pkg/auth/sender.go
@@ -33,6 +33,7 @@ type Sender struct {
 
 // Initialize initializes a Sender.
 func (se *Sender) Initialize() error {
+	var md5Auth, sha256Auth *headers.Authenticate
 	for _, v := range se.WWWAuth {
 		var auth headers.Authenticate
 		err := auth.Unmarshal(base.HeaderValue{v})
@@ -40,13 +41,30 @@ func (se *Sender) Initialize() error {
 			continue // ignore unrecognized headers
 		}
 
-		if se.authHeader == nil ||
-			(auth.Algorithm != nil && *auth.Algorithm == headers.AuthAlgorithmSHA256) ||
-			(se.authHeader.Method == headers.AuthMethodBasic) {
-			se.authHeader = &auth
+		switch auth.Method {
+		case headers.AuthMethodDigest:
+			if auth.Algorithm == nil || *auth.Algorithm == headers.AuthAlgorithmMD5 {
+				if md5Auth == nil {
+					md5Auth = &auth
+				}
+			} else if *auth.Algorithm == headers.AuthAlgorithmSHA256 {
+				if sha256Auth == nil {
+					sha256Auth = &auth
+				}
+			}
+		case headers.AuthMethodBasic:
+			if se.authHeader == nil {
+				se.authHeader = &auth
+			}
 		}
 	}
 
+	if md5Auth != nil {
+		se.authHeader = md5Auth
+	} else if sha256Auth != nil {
+		se.authHeader = sha256Auth
+	}
+
 	if se.authHeader == nil {
 		return fmt.Errorf("no authentication methods available")
 	}