diff --git a/CHANGELOG b/CHANGELOG
index 8321a67f5..d90c92f57 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,11 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
-o [NSE][GH#1648] CR characters are no longer treated as illegal in script XML
-  output. [nnposter]
+o [NSE][GH#1665] The HTTP library no longer crashes when code requests digest
+  authentication but the server does not provide the necessary authentication
+  header. [nnposter]
+
+o [NSE][GH#1648] CR characters (0x0D) are no longer treated as illegal
+  in script XML output. [nnposter]
 
 o [GH#1659] Allow resuming nmap scan with lengthy command line
   [Clément Notin]
diff --git a/nselib/http.lua b/nselib/http.lua
index e8b09dde8..1c3f838a3 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -1404,7 +1404,7 @@ function generic_request(host, port, method, path, options)
     options_with_auth_removed["auth"] = nil
     local r = generic_request(host, port, method, path, options_with_auth_removed)
     local h = r.header['www-authenticate']
-    if not r.status or (h and not string.find(h:lower(), "digest.-realm")) then
+    if not (r.status and h and h:lower():find("digest.-realm")) then
       stdnse.debug1("http: the target doesn't support digest auth or there was an error during request.")
       return http_error("The target doesn't support digest auth or there was an error during request.")
     end