[OpenSIPS-Users] Registrations, Retransmissions and Nonces

Saúl Ibarra Corretgé saul at ag-projects.com
Wed Nov 3 13:53:33 CET 2010


Hi Bogdan,

On 11/03/2010 01:45 PM, Bogdan-Andrei Iancu wrote:
> Hi Kennard
>
> Kennard White wrote:
>
> [....]
>> Opensips has two mechanisms for making a nonce stale: the time-based
>> mechanism (nonce_expire) and a use-once mechanism
>> ('disable_nonce_check"). The 2nd mechanism doesn't set the stale=1
>> flag. Not sure why, but I think maybe because authors assume that if
>> this happened it was a malicious attack, not a retransmission.
> [....]
>
> actually that was a bug - the STALE indicator was report to the script,
> but not included in the challenge ....It is fixed now.
>

Does this bug affect all versions from 1.4 to 1.6? If so, are you 
planning to backport this fix to 1.4 and 1.5?

Thanks and regards,

-- 
Saúl Ibarra Corretgé
AG Projects



More information about the Users mailing list