[SR-Users] people complain Kamailio not handling stale nonce correctly

Tue Jul 2 17:15:46 CEST 2019

Several people are complaining on baresip git that Kamailio is among
those SIP servers that don't handle stale nonce properly, i.e., don't
include stale=true flag in WWW-Authenticate header of 401 response.

I have tried to tell that Kamailio does what it has been configured to
do, but the response is that "by default" Kamailio works incorrectly.  "By
default" I guess refers to the example Kamailio kamailio.cfg in etc dir.

How about adding stale nonce handling to the example config, for
example, like in below?

-- Juha

*** kamailio.cfg	2019-06-13 17:17:17.182148989 +0300
--- /tmp/kamailio.cfg	2019-07-02 18:02:02.947183503 +0300
***************
*** 745,753 ****

  	if (is_method("REGISTER") || from_uri==myself) {
  		# authenticate requests
! 		if (!auth_check("$fd", "subscriber", "1")) {
! 			auth_challenge("$fd", "0");
! 			exit;
  		}
  		# user authenticated - remove auth header
  		if(!is_method("REGISTER|PUBLISH"))
--- 745,759 ----

  	if (is_method("REGISTER") || from_uri==myself) {
  		# authenticate requests
! 		switch (auth_check("$fd", "subscriber", "1")) {
! 			case 1:
! 		       		break;
! 			case -4:
! 				auth_challenge("$fd", 17);
! 				exit;
! 			default:
! 				auth_challenge("$fd", "0");
! 				exit;
  		}
  		# user authenticated - remove auth header
  		if(!is_method("REGISTER|PUBLISH"))