If the server receives an allocate request for a super-session that hasn't
previously sent a nonce, it always returns 401, even if the request contains a
message-integrity attribute.
Following the steps of RFC 5389 section 10.2.2, and assuming that "unknown
nonce" should be handled the same as "expired nonce", it should return 438 in
this case instead.
What steps will reproduce the problem?
1. Send an ALLOCATE request containing a valid username and realm, and with
message-integrity correctly calculated for the username's password, but with a
nonce that the server doesn't accept for this allocation. (It could come from
a different allocation, for instance, if the client is assuming nonces can be
shared across allocations; or the server could have crashed and restarted.)
What is the expected output? What do you see instead?
I expect a 438 response; the server instead sends 401.
What version of the product are you using? On what operating system?
turnserver-3.2.2.7 on Ubuntu 12.04
Please provide any additional information below.
See the tram mailing list thread starting at
<http://www.ietf.org/mail-archive/web/tram/current/msg00248.html>.
Original issue reported on code.google.com by jonathan...@gmail.com on 19 Feb 2014 at 8:31
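
The check order of RFC 5389 section 10.2.2 that the report refers to, as an added example (not turnserver's code and not part of the original report). The realm, user table and the `covered` byte string standing in for the hashed portion of the STUN message are constructed, and treating an unknown nonce like an expired one is the report's own assumption.

```python
import hashlib
import hmac

REALM = "example.org"            # constructed sample realm
USERS = {"alice": "s3cret"}      # constructed sample credentials


def long_term_key(username, realm, password):
    # RFC 5389 section 15.4: key = MD5(username ":" realm ":" password)
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()


def message_integrity(key, covered):
    # HMAC-SHA1 over the covered part of the message (simplified to a byte string)
    return hmac.new(key, covered, hashlib.sha1).digest()


def check_request(req, session_nonces):
    """Return a STUN error code, or 0 if authenticated, in RFC 5389 10.2.2 order."""
    if req.get("message_integrity") is None:
        return 401               # no credentials yet: challenge with REALM and NONCE
    if any(req.get(k) is None for k in ("username", "realm", "nonce")):
        return 400               # MESSAGE-INTEGRITY without USERNAME/REALM/NONCE
    if req["nonce"] not in session_nonces:
        return 438               # stale nonce; unknown nonce treated the same way
    password = USERS.get(req["username"])
    if password is None:
        return 401               # unknown username
    key = long_term_key(req["username"], REALM, password)
    expected = message_integrity(key, req["covered"])
    if not hmac.compare_digest(expected, req["message_integrity"]):
        return 401               # wrong password or tampered message
    return 0


def make_request(username, password, nonce, covered=b"ALLOCATE"):
    # Client side: build a constructed request carrying a matching MESSAGE-INTEGRITY
    key = long_term_key(username, REALM, password)
    return {"username": username, "realm": REALM, "nonce": nonce,
            "covered": covered, "message_integrity": message_integrity(key, covered)}
```

Because the nonce check precedes the credential check, a 438 is returned regardless of whether the MESSAGE-INTEGRITY value is correct, so the client simply retries with the fresh nonce from the response.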