Opened 12 years ago

Closed 12 years ago

#287 closed defect (fixed)

Selective authentication for STUN error responses

Reported by: bennylp Owned by: bennylp
Priority: normal Milestone: release-0.7.0-rc2
Component: pjnath Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported:

Description

When STUN request include MESSAGE-INTEGRITY attribute, the response (success or error) MUST be authenticated, according to RFC 3489bis-06.

Some responses however cannot be authenticated, since by definition they cannot contain MESSAGE-INTEGRITY. This currently is not in RFC 3489-bis, so I decided to disable authentication for the following error codes until the draft is clear about it:

     401 (Unauthorized)
     432 (Missing Username)
     434 (Missing Realm)
     436 (Unknown Username)
     431 (Integrity Check Failure) 

Change History (1)

comment:1 Changed 12 years ago by bennylp

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r1290, by adding pj_stun_auth_valid_for_msg() function in stun_auth.c.

Note: See TracTickets for help on using tickets.