Server should return 438 on unknown nonce for allocation
GoogleCodeExporter opened this issue · comments
If the server receives an allocate request for a super-session that hasn't
previously sent a nonce, it always returns 401, even if the request contains a
message-integrity attribute.
Following the steps of RFC 5389 section 10.2.2, and assuming that "unknown
nonce" should be handled the same as "expired nonce", it should return 438 in
this case instead.
What steps will reproduce the problem?
1. Send an ALLOCATE request containing a valid username and realm, and with
message-integrity correctly calculated for the username's password, but with a
nonce that the server doesn't accept for this allocation. (It could come from
a different allocation, for instance, if the client is assuming nonces can be
shared across allocations; or the server could have crashed and restarted.)
What is the expected output? What do you see instead?
I expect a 438 response; the server instead sends 401.
What version of the product are you using? On what operating system?
turnserver-3.2.2.7 on Ubuntu 12.04
Please provide any additional information below.
See the tram mailing list thread starting at
<http://www.ietf.org/mail-archive/web/tram/current/msg00248.html>.
Original issue reported on code.google.com by jonathan...@gmail.com
on 19 Feb 2014 at 8:31
Will be fixed in 3.2.2.8
Original comment by mom040...@gmail.com
on 19 Feb 2014 at 9:43
- Changed state: Accepted
Original comment by mom040...@gmail.com
on 22 Feb 2014 at 8:32
- Changed state: Fixed
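The check order from RFC 5389 section 10.2.2 that the report relies on, written out as an added example; it is not turnserver's code and is not part of the original issue. The names `authenticate`, `sign`, `session_nonces`, the dict form of the attributes and the sample credentials are assumptions, `signed_bytes` stands in for the bytes that MESSAGE-INTEGRITY covers, and an unknown nonce is treated like an expired one, as the report assumes.

```python
import hashlib
import hmac

REALM = "example.org"        # constructed sample realm
USERS = {"alice": "s3cret"}  # constructed sample credentials


def sign(signed_bytes, username, password, realm=REALM):
    # Long-term credential key: MD5(username ":" realm ":" password).
    # SASLprep of the password is omitted in this sketch.
    key = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    return hmac.new(key, signed_bytes, hashlib.sha1).digest()


def authenticate(attrs, signed_bytes, session_nonces, fresh_nonce):
    """Return (error_code, response_attrs); error_code 0 means accepted.

    attrs          -- attributes parsed from the request (hypothetical dict form)
    signed_bytes   -- stand-in for the bytes MESSAGE-INTEGRITY covers
    session_nonces -- nonces the server issued for this session and still accepts
    """
    challenge = {"REALM": REALM, "NONCE": fresh_nonce}
    if "MESSAGE-INTEGRITY" not in attrs:
        return 401, challenge            # first contact: challenge the client
    if not all(k in attrs for k in ("USERNAME", "REALM", "NONCE")):
        return 400, {}
    if attrs["NONCE"] not in session_nonces:
        return 438, challenge            # unknown nonce treated like an expired one
    password = USERS.get(attrs["USERNAME"])
    if password is None:
        return 401, challenge
    expected = sign(signed_bytes, attrs["USERNAME"], password)
    if not hmac.compare_digest(expected, attrs["MESSAGE-INTEGRITY"]):
        return 401, challenge
    return 0, {}


def demo():
    # Constructed request: valid credentials, nonce taken from another allocation.
    body = b"constructed ALLOCATE request bytes"
    req = {"USERNAME": "alice", "REALM": REALM, "NONCE": "nonce-A",
           "MESSAGE-INTEGRITY": sign(body, "alice", "s3cret")}
    first = authenticate(req, body, session_nonces=set(), fresh_nonce="nonce-B")
    # Retry with the nonce from the 438 response (a real client would also
    # recompute MESSAGE-INTEGRITY, because NONCE is part of the signed bytes).
    req["NONCE"] = first[1]["NONCE"]
    retry = authenticate(req, body, session_nonces={"nonce-B"}, fresh_nonce="nonce-C")
    return first[0], retry[0]
```

With 438 the client knows its credentials were not rejected and only the nonce needs replacing, whereas a 401 on a request that already carries MESSAGE-INTEGRITY reads as a credential failure.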