[OpenSIPS-Users] Auth parameter disable_nonce_check not working as expected

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Jan 10 04:14:22 EST 2018 

Hi Robert,

Yes, it is exactly what I understood :). Again, if the nonce is expired 
(too old - see nonce_expire - 
http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp185504), 
there is no way to force its acceptance. OpenSIPS will reject it as 
stale (even if there is correct auth answer).

The disable_nonce_check parameter 
(http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp5552944) 
is exclusively for nonce re-usage.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   http://www.opensips-solutions.com
OpenSIPS Summit 2018
   http://www.opensips.org/events/Summit-2018Amsterdam

On 01/09/2018 05:53 PM, Robert Dyck wrote:
> Let me rephrase. The UA receives a 401 message from opensip. The nonce is
> reported as stale. The UA attempts again to register using the same nonce as
> previously. On and on. I calculated the digest myself and it is correct for
> the stale nonce. My thinking is that if opensips ignored the fact that the
> nonce has expired then register should succeed.
>
> On Tuesday, January 9, 2018 6:39:04 AM PST Bogdan-Andrei Iancu wrote:
>> Hi Rob,
>>
>> A "reused" and a "stale" nonce are different things. A reused one means
>> that same nonce is to be used for multiple auth attempts. A stale nonce
>> means the nonce (used or not) is rejected as it is too old (relative to
>> the time when the nonce was generated by the server).
>>
>> Of course, the stale check is first perform (and mandatory). After that
>> (according to disable_nonce_check option) the nonce re-usage is checked.
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>     http://www.opensips-solutions.com
>> OpenSIPS Summit 2018
>>     http://www.opensips.org/events/Summit-2018Amsterdam
>>
>> On 01/08/2018 08:36 PM, Robert Dyck wrote:
>>> Using opensips 2.3.2 compiled from source
>>>
>>> I have a buggy UA that insists on reusing a stale nonce. I tried to
>>> work around it by setting disable_nonce_check. It didn't work for me.
>>> Am I misunderstanding the purpose of the parameter or is this an
>>> opensips bug?
>>>
>>> Jan  8 09:46:19 [11380] DBG:core:set_mod_param_regex: found
>>> <disable_nonce_check> in module auth [/usr/lib64/opensips/modules/]
>>>
>>> Rob
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>

More information about the Users mailing list