I did some tests with auth_ephemeral. When timestamp has expired, I get to syslog
Feb 23 03:53:05 char /usr/bin/sip-proxy[31758]: WARNING: auth_ephemeral [authorize.c:205]: autheph_verify_timestamp(): username has expired Feb 23 03:53:05 char /usr/bin/sip-proxy[31758]: ERROR: auth_ephemeral [authorize.c:260]: digest_authenticate(): invalid timestamp in username
In my opinion, the WARNING is enough and the ERROR message should be removed. ERROR is when an error happens. There is no error here, just an expired timestamp.
-- Juha
Am Samstag, 23. Februar 2019, 02:59:05 CET schrieb Juha Heinanen:
I did some tests with auth_ephemeral. When timestamp has expired, I get to syslog
Feb 23 03:53:05 char /usr/bin/sip-proxy[31758]: WARNING: auth_ephemeral [authorize.c:205]: autheph_verify_timestamp(): username has expired Feb 23 03:53:05 char /usr/bin/sip-proxy[31758]: ERROR: auth_ephemeral [authorize.c:260]: digest_authenticate(): invalid timestamp in username
In my opinion, the WARNING is enough and the ERROR message should be removed. ERROR is when an error happens. There is no error here, just an expired timestamp.
Hi Juha,
sounds indeed too noisy, should be changed in the code.
Best regards,
Henning
Henning Westerholt writes:
I did some tests with auth_ephemeral. When timestamp has expired, I get to syslog
Feb 23 03:53:05 char /usr/bin/sip-proxy[31758]: WARNING: auth_ephemeral [authorize.c:205]: autheph_verify_timestamp(): username has expired Feb 23 03:53:05 char /usr/bin/sip-proxy[31758]: ERROR: auth_ephemeral [authorize.c:260]: digest_authenticate(): invalid timestamp in username
In my opinion, the WARNING is enough and the ERROR message should be removed. ERROR is when an error happens. There is no error here, just an expired timestamp.
Hi Juha,
sounds indeed too noisy, should be changed in the code.
I looked at the code and in addition to removing the above error message, it would be appropriate to define in api.h a new auth_cfg_result constant similar to AUTH_STALE_NONCE, such as AUTH_EXPIRED, and return it instead of AUTH_ERROR when the timestamp has expired.
-- Juha
-
Henning Westerholt -
Juha Heinanen