Hi,

I have run into a situation where reSIProcate gets stuck in an endless loop of attempting to REGISTER with invalid credentials. Here is the situation:

1. App sends REGISTER message to switch
2. Switch replies with 401 Unauthorized
3. App sends REGISTER with authentication to switch, but the user entered in the wrong password so the credentials are invalid
4. Switch replies with 401 Unauthorized again, but the reply has a different nonce value.
5. App recreates credentials and tries again. Return to step 3.

This happens in ClientAuthManager.cxx, in ClientAuthManager::RealmState::handleAuth().

I am under the impression that this is a bug in reSIProcate. From section 22.1 of RFC3261:

"Finally, note that even if a UAC can locate credentials that are associated with the proper realm, the potential exists that these credentials may no longer be valid or that the challenging server will not accept these credentials for whatever reason (especially when "anonymous" with no password is submitted). In this instance a server may repeat its challenge, or it may respond with a 403 Forbidden. A UAC MUST NOT re-attempt requests with the credentials that have just been rejected (though the request may be retried if the nonce was stale)."

So my understanding of this paragraph is that reSIProcate is in error because it is re-attempting the same request when the nonce has changed, when it should only re-attempt the request if the nonce is stale.

I should also note that this works properly with the previous version (5761) of ClientAuthManager.cxx/hxx.

Thoughts?

Martin Dill
NewHeights Software
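
The retry rule from the RFC 3261 section 22.1 text quoted above, as an added example that is not part of the original post and is not reSIProcate code: a per-request tracker that sends credentials once per realm and retries a repeated challenge only when it carries `stale=true`. All names (`RealmAuthTracker`, `digestParam`, `AuthAction`) are hypothetical, and the cap on stale retries is an assumed defensive bound rather than an RFC requirement.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>

// Hypothetical names throughout; this is not reSIProcate's ClientAuthManager.
enum class AuthAction { SendCredentials, RetryStaleNonce, GiveUp };
constexpr int kMaxStaleRetries = 2;  // assumed defensive cap, not from the RFC

// Pull one parameter out of a Digest challenge value. Simplified: ignores
// escaped quotes and parameter names that appear inside quoted strings.
std::string digestParam(const std::string& hdr, const std::string& name) {
    const std::string key = name + "=";
    for (size_t pos = hdr.find(key); pos != std::string::npos; pos = hdr.find(key, pos + 1)) {
        if (pos > 0 && hdr[pos - 1] != ' ' && hdr[pos - 1] != ',') continue;  // skip "cnonce=" for "nonce="
        const size_t start = pos + key.size();
        if (start < hdr.size() && hdr[start] == '"') {
            const size_t end = hdr.find('"', start + 1);
            return hdr.substr(start + 1, end == std::string::npos ? end : end - start - 1);
        }
        const size_t end = hdr.find_first_of(", ", start);
        return hdr.substr(start, end == std::string::npos ? end : end - start);
    }
    return "";
}

// Tracks, per realm, whether credentials were already sent for one request.
class RealmAuthTracker {
public:
    AuthAction onChallenge(const std::string& challenge) {
        const std::string realm = digestParam(challenge, "realm");
        std::string stale = digestParam(challenge, "stale");
        std::transform(stale.begin(), stale.end(), stale.begin(),
                       [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        bool& tried = mTried[realm];
        if (!tried) { tried = true; return AuthAction::SendCredentials; }
        // Credentials were rejected: a new nonce alone is not a reason to retry.
        if (stale == "true" && mStaleRetries[realm]++ < kMaxStaleRetries)
            return AuthAction::RetryStaleNonce;
        return AuthAction::GiveUp;  // surface the failure to the application
    }
private:
    std::map<std::string, bool> mTried;
    std::map<std::string, int> mStaleRetries;
};
```

On `GiveUp` the application would report the authentication failure and prompt for new credentials instead of sending another REGISTER.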