[OpenSIPS-Users] Auth parameter disable_nonce_check not working as expected
Robert Dyck
rob.dyck at telus.net
Wed Jan 10 18:59:39 EST 2018
I have to accept that I cannot work around the UA's bug. A strange bug that
only manifests itself after an hour or so. The servers say the nonce is stale
when in fact the UA presents a nonce of its own invention, even changing the
number of characters in the nonce.
Thank you for your time.
Rob
On Wednesday, January 10, 2018 1:14:22 AM PST Bogdan-Andrei Iancu wrote:
> Hi Robert,
>
> Yes, it is exactly what I understood :). Again, if the nonce is expired
> (too old - see nonce_expire -
> http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp185504),
> there is no way to force its acceptance. OpenSIPS will reject it as
> stale (even if there is a correct auth answer).
>
> The disable_nonce_check parameter
> (http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp5552944)
> is exclusively for nonce re-usage.
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
> OpenSIPS Summit 2018
> http://www.opensips.org/events/Summit-2018Amsterdam
>
> On 01/09/2018 05:53 PM, Robert Dyck wrote:
> > Let me rephrase. The UA receives a 401 message from opensips. The nonce is
> > reported as stale. The UA attempts again to register using the same nonce
> > as previously. On and on. I calculated the digest myself and it is
> > correct for the stale nonce. My thinking is that if opensips ignored the
> > fact that the nonce has expired then register should succeed.
> >
> > On Tuesday, January 9, 2018 6:39:04 AM PST Bogdan-Andrei Iancu wrote:
> >> Hi Rob,
> >>
> >> A "reused" and a "stale" nonce are different things. A reused one means
> >> that the same nonce is to be used for multiple auth attempts. A stale nonce
> >> means the nonce (used or not) is rejected as it is too old (relative to
> >> the time when the nonce was generated by the server).
> >>
> >> Of course, the stale check is performed first (and is mandatory). After that
> >> (according to the disable_nonce_check option) the nonce re-usage is checked.
> >>
> >> Regards,
> >>
> >> Bogdan-Andrei Iancu
> >>
> >> On 01/08/2018 08:36 PM, Robert Dyck wrote:
> >>> Using opensips 2.3.2 compiled from source
> >>>
> >>> I have a buggy UA that insists on reusing a stale nonce. I tried to
> >>> work around it by setting disable_nonce_check. It didn't work for me.
> >>> Am I misunderstanding the purpose of the parameter or is this an
> >>> opensips bug?
> >>>
> >>> Jan 8 09:46:19 [11380] DBG:core:set_mod_param_regex: found
> >>> <disable_nonce_check> in module auth [/usr/lib64/opensips/modules/]
> >>>
> >>> Rob