[OpenSIPS-Users] Registrations, Retransmissions and Nonces
Saúl Ibarra Corretgé
saul at ag-projects.com
Wed Nov 3 13:53:33 CET 2010
Hi Bogdan,
On 11/03/2010 01:45 PM, Bogdan-Andrei Iancu wrote:
> Hi Kennard
>
> Kennard White wrote:
>
> [....]
>> Opensips has two mechanisms for making a nonce stale: the time-based
>> mechanism (nonce_expire) and a use-once mechanism
>> ('disable_nonce_check"). The 2nd mechanism doesn't set the stale=1
>> flag. Not sure why, but I think maybe because authors assume that if
>> this happened it was a malicious attack, not a retransmission.
> [....]
>
> actually that was a bug - the STALE indicator was report to the script,
> but not included in the challenge ....It is fixed now.
>
Does this bug affect all versions from 1.4 to 1.6? If so, are you
planning to backport this fix to 1.4 and 1.5?
Thanks and regards,
--
Saúl Ibarra Corretgé
AG Projects
More information about the Users
mailing list