< Previous by Date	Date Index	Next by Date >
	Thread Index	Next in Thread >

[reSIProcate] Authentication+Authorization bugs

From: Meir Elberg <elbergm@xxxxxxxxx>
Date: Sun, 9 Oct 2005 17:14:14 +0200

Hi,

I found a bug in DUM:

ServerAuthManager tries challenging ACK requests.
Another problem is that Proxy-Authorization header isn't sent within ACK requests as it should.

According to the RFC:

   Under an authentication scheme that uses responses to carry values
   used to compute nonces (such as Digest), some problems come up for
   any requests that take no response, including ACK.  For this reason,

   any credentials in the INVITE that were accepted by a server MUST be
   accepted by that server for the ACK.  UACs creating an ACK message
   will duplicate all of the Authorization and Proxy-Authorization

   header field values that appeared in the INVITE to which the ACK
   corresponds.  Servers MUST NOT attempt to challenge an ACK.

I'll try to resolve the bug but I'm sure you'll do it faster and better than me...

Thanks,
Elberg Meir.

Prev by Date: [reSIProcate] The "role" of the resip objects... and my understanding of them
Next by Date: RE: [reSIProcate] The "role" of the resip objects... and myunderstanding of them
Previous by thread: [reSIProcate] The "role" of the resip objects... and my understanding of them
Next by thread: RE: [reSIProcate] Authentication+Authorization bugs
Index(es):
- Date
- Thread