I'm receiving the following error over and over, adnauseam: Oct 1 23:59:53 NOTICE[3194]: chan_sip.c:5890 check_auth: stale nonce received from 'CNAME-CID <sip:5551212@192.168.1.X>' Does anyone know what "stale nonce" is? Thanks! Paul Conn -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20051002/5f4162c0/attachment.htm
Stewart Nelson
2005-Oct-02 18:09 UTC
[Asterisk-Users] What does the error "stale nonce' mean?
Hi Paul,> I'm receiving the following error over and over, adnauseam: > Oct 1 23:59:53 NOTICE[3194]: chan_sip.c:5890 check_auth: stale nonce received from 'CNAME-CID > <sip:5551212@192.168.1.X>' > Does anyone know what "stale nonce" is? > Thanks!This is normally not an error. Digest authentication in SIP is very similar to its use in HTTP. See http://www.ietf.org/rfc/rfc2617.txt . Details for SIP are at http://www.ietf.org/rfc/rfc3261.txt . When your client sends an INVITE or a REGISTER, * will challenge with a pseudo-random nonce (in the 401 or 407 response), and the client will reissue the request with a corresponding digest; the request is then accepted if the digest is correct. If the client needs to reregister or call the same number again, it is permitted to supply the same digest in the new request, usually avoiding the need to send two requests. However, if * decides that the nonce is too old, it will send a new challenge, to make replay attacks more difficult. * includes stale=true in the authenticate request, to tell the client that the password was ok and it can recompute the digest without asking the user to enter new credentials. Does this happen on REGISTER, on INVITE, or both? For all clients, all of the same type, or just one device? How often? Does the client reissue the request, and does it then succeed? --Stewart
Olle E. Johansson
2005-Oct-03 00:51 UTC
[Asterisk-Users] What does the error "stale nonce' mean?
Paul Conn wrote:> I?m receiving the following error over and over, adnauseam: > > > > Oct 1 23:59:53 NOTICE[3194]: chan_sip.c:5890 check_auth: stale nonce > received from ?CNAME-CID <sip:5551212@192.168.1.X>? > > > > Does anyone know what ?stale nonce? is?I've answered this question many times, so you should be able to find the answer... A stale nonce is when a device tries to re-authenticate with a nonce that is no longer valid. We are telling them that the nonce they used is invalid, and re-issue a new challenge and a fresh nonce. It's just an informative message, that I propably should move away to a debug level of some kind. /Olle
Gurminder Arora
2005-Oct-03 03:12 UTC
[Asterisk-Users] What does the error "stale nonce' mean?
> I'm receiving the following error over and over, adnauseam: >> Oct 1 23:59:53 NOTICE[3194]: chan_sip.c:5890 check_auth: stale nonce > received from 'CNAME-CID <sip:5551212@192.168.1.X>'In message itself no where it is written ERROR But thanks to Stewart and Olle for giving in depth information. /Gurmi
Possibly Parallel Threads
- What is this error message? (check_auth: stale nonce received from ...)
- What means? Correct auth, but based on stale nonce received
- Asterisk 1.41 - Warning and Notice about contact info and stale nonce
- Stale nonce received from
- Odd message: "correct auth, but ..."