Hello Juha,
sounds like a good idea to me, we should integrate it to the default cfg.
Just a small comment, I think this would be match the current behaviour
more closely (only return stale=true, don't use qop=auth).
! case -4:
! auth_challenge("$fd", 16);
! exit;
Cheers,
Henning
Am 02.07.19 um 17:15 schrieb Juha Heinanen:
Several people are complaining on baresip git that
Kamailio is among
those SIP servers that don't handle stale nonce properly, i.e., don't
include stale=true flag in WWW-Authenticate header of 401 response.
I have tried to tell that Kamailio does what it has been configured to
do, but the response is that "by default" Kamailio works incorrectly.
"By
default" I guess refers to the example Kamailio kamailio.cfg in etc dir.
How about adding stale nonce handling to the example config, for
example, like in below?
-- Juha
*** kamailio.cfg 2019-06-13 17:17:17.182148989 +0300
--- /tmp/kamailio.cfg 2019-07-02 18:02:02.947183503 +0300
***************
*** 745,753 ****
if (is_method("REGISTER") || from_uri==myself) {
# authenticate requests
! if (!auth_check("$fd", "subscriber", "1")) {
! auth_challenge("$fd", "0");
! exit;
}
# user authenticated - remove auth header
if(!is_method("REGISTER|PUBLISH"))
--- 745,759 ----
if (is_method("REGISTER") || from_uri==myself) {
# authenticate requests
! switch (auth_check("$fd", "subscriber", "1")) {
! case 1:
! break;
! case -4:
! auth_challenge("$fd", 17);
! exit;
! default:
! auth_challenge("$fd", "0");
! exit;
}
# user authenticated - remove auth header
if(!is_method("REGISTER|PUBLISH"))
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Henning Westerholt -
https://skalatan.de/blog/
Kamailio services -
https://skalatan.de/services