[reSIProcate] auth info in BYE same as INVITE 403 / advancedAuthenticateRequest() passes millsecond expires, but compares seconds

[Justin Matthews]

If DUM challenges an INVITE and then successfully authenticates a call and
the UA then sends DUM a BYE and copies the auth info from the original
INVITE, a 403 is returned because the Method portion of the request-uri is
used in calculating A2 and the Method is now BYE and originally was INVITE.

 

Is this behavior by the UA sending the BYE completely against the spec(s),
or should DUM be able to allow my app to decide whether to accept this kind
of behavior?

 

Also, the call to advancedAuthenticateRequest in ServerAuthManager.cxx
passes 3000 as a hard-coded expiration for the nonce value, is this meant to
be 3 seconds?  The comparison on nonce expiration values is done in seconds
in advancedAuthenticateRequest.  On a side note, how was the value of the
expiration interval decided?

 

Thanks,

 

Justin

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20070303/8539e33e/attachment.htm>