[reSIProcate] Authentication+Authorization bugs
Meir Elberg
elbergm at gmail.com
Sun Oct 9 10:14:14 CDT 2005
Hi,
I found a bug in DUM:
ServerAuthManager tries challenging ACK requests.
Another problem is that the Proxy-Authorization header isn't sent within ACK
requests as it should be.
According to the RFC:

   Under an authentication scheme that uses responses to carry values
   used to compute nonces (such as Digest), some problems come up for
   any requests that take no response, including ACK. For this reason,
   any credentials in the INVITE that were accepted by a server MUST be
   accepted by that server for the ACK. UACs creating an ACK message
   will duplicate all of the Authorization and Proxy-Authorization
   header field values that appeared in the INVITE to which the ACK
   corresponds. Servers MUST NOT attempt to challenge an ACK.

I'll try to resolve the bug but I'm sure you'll do it faster and better than
me...
Thanks,
Elberg Meir.
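
Added example (not part of the original message and not reSIProcate/DUM code): a self-contained C++ model of the two behaviours the quoted RFC text requires, a server that never challenges an ACK and a UAC that copies the INVITE's credential headers into the ACK. `SipMsg`, `AuthAction`, `serverAuthDecision`, `buildAck` and `sampleInvite` are hypothetical names, and the header values are constructed.

```cpp
#include <iostream>
#include <map>
#include <string>

// Hypothetical minimal message model; this is not reSIProcate's SipMessage.
// Assumption: header names are already normalised to canonical case.
struct SipMsg {
    std::string method;
    std::string callId;
    unsigned cseq = 0;
    std::multimap<std::string, std::string> headers;
};

enum class AuthAction { Accept, Challenge, Skip };

// Server side. validCreds is the outcome of Digest verification done elsewhere.
AuthAction serverAuthDecision(const SipMsg& req, bool validCreds) {
    // ACK takes no response, so a 401/407 challenge could never reach the UAC.
    if (req.method == "ACK") return AuthAction::Skip;
    return validCreds ? AuthAction::Accept : AuthAction::Challenge;
}

// UAC side: the ACK duplicates every credential header value of its INVITE.
SipMsg buildAck(const SipMsg& invite) {
    static const char* const kCredentialHeaders[] = {"Authorization", "Proxy-Authorization"};
    SipMsg ack;
    ack.method = "ACK";
    ack.callId = invite.callId;
    ack.cseq = invite.cseq;  // same CSeq number as the INVITE being acknowledged
    for (const char* name : kCredentialHeaders) {
        auto range = invite.headers.equal_range(name);
        ack.headers.insert(range.first, range.second);
    }
    return ack;
}

// Constructed sample INVITE; every value here is illustrative.
SipMsg sampleInvite() {
    SipMsg inv;
    inv.method = "INVITE";
    inv.callId = "constructed-call-id@example.invalid";
    inv.cseq = 2;
    inv.headers.emplace("Via", "SIP/2.0/UDP client.example.invalid");
    inv.headers.emplace("Proxy-Authorization", "Digest username=\"alice\", realm=\"proxy.example.invalid\"");
    inv.headers.emplace("Authorization", "Digest username=\"alice\", realm=\"example.invalid\"");
    return inv;
}

int main() {
    SipMsg ack = buildAck(sampleInvite());
    for (const auto& h : ack.headers) std::cout << h.first << ": " << h.second << "\n";
    std::cout << "challenge ACK? " << (serverAuthDecision(ack, false) == AuthAction::Challenge) << "\n";
}
```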