I discovered the following two bugs in 1.4 and 1.4.1 while using Adobe Flash 10 the TURN client.
The StunMagicCookie is tested and created in reversed order. Xor-ing of peer address with this cookie works fine, though.
The problem is in StunMessage.cxx lines 156 and 487.
May be relevant to know that I am working on a RHEL5 Linux server.
My work around was to create an additional const in StunMessage.hxx with cookie value in reversed order and use that on the two places indicated.
In TurnAllocation::sendDataToClient I always got “sendDataToClient RemotePeer info not found”. It appeared that no entries are made if no ChannelBind request is received.
I solved this by letting ChannelManager::findRemotePeerByPeerAddress return new RemotePeer(peerAddress, 0) on line 87.
Hope this helps.
As I cannot oversee possible side effects for other use cases I kept these changes local to my environment.