![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 18 years ago
Closed 18 years ago
#287 closed defect (fixed)
Selective authentication for STUN error responses
| Reported by: | bennylp | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-0.7.0-rc2 |
| Component: | pjnath | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description
When STUN request include MESSAGE-INTEGRITY attribute, the response (success or error) MUST be authenticated, according to RFC 3489bis-06.
Some responses however cannot be authenticated, since by definition they cannot contain MESSAGE-INTEGRITY. This currently is not in RFC 3489-bis, so I decided to disable authentication for the following error codes until the draft is clear about it:
401 (Unauthorized)
432 (Missing Username)
434 (Missing Realm)
436 (Unknown Username)
431 (Integrity Check Failure)
Change History (1)
comment:1 Changed 18 years ago by bennylp
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Fixed in r1290, by adding pj_stun_auth_valid_for_msg() function in stun_auth.c.