diff options
Diffstat (limited to 'src/parser')
| -rw-r--r-- | src/parser/hdr_www_authenticate.cpp | 13 | ||||
| -rw-r--r-- | src/parser/request.cpp | 6 |
2 files changed, 16 insertions, 3 deletions
diff --git a/src/parser/hdr_www_authenticate.cpp b/src/parser/hdr_www_authenticate.cpp index ae87e99..2deb787 100644 --- a/src/parser/hdr_www_authenticate.cpp +++ b/src/parser/hdr_www_authenticate.cpp @@ -17,10 +17,23 @@ #include "hdr_www_authenticate.h" #include "definitions.h" +#include "util.h" t_hdr_www_authenticate::t_hdr_www_authenticate() : t_header("WWW-Authenticate") {} void t_hdr_www_authenticate::set_challenge(const t_challenge &c) { + // The server may send multiple WWW-Authenticate/Proxy-Authenticate + // headers, with different digest algorithms, in decreasing order of + // preference. We must therefore avoid overwriting any supported + // challenge once we've got a hold of one. (We don't simply ignore + // all unsupported challenges, however, just in case the server forgot + // to include a Digest challenge.) + if (populated) { + // Don't overwrite the previous challenge if it was supported + if (cmp_nocase(challenge.auth_scheme, AUTH_DIGEST) == 0) { + return; + } + } populated = true; challenge = c; } diff --git a/src/parser/request.cpp b/src/parser/request.cpp index e20a8fb..a157a94 100644 --- a/src/parser/request.cpp +++ b/src/parser/request.cpp @@ -505,9 +505,9 @@ bool t_request::is_valid(bool &fatal, std::string &reason) const { // RFC 3265 7.2 // Subscription-State header is mandatory - // As an exception Twinkle allows an unsollicited NOTIFY for MWI + // As an exception Twinkle allows an unsolicited NOTIFY for MWI // without a Subscription-State header. Asterisk sends - // unsollicited NOTIFY requests. + // unsolicited NOTIFY requests. if (!hdr_to.tag.empty() || hdr_event.event_type != SIP_EVENT_MSG_SUMMARY) { @@ -519,7 +519,7 @@ bool t_request::is_valid(bool &fatal, std::string &reason) const { // The Subscription-State header is mandatory. // However, Asterisk uses an expired draft for sending - // unsollicitied NOTIFY messages without a Subscription-State + // unsolicitied NOTIFY messages without a Subscription-State // header. As Asterisk is popular, Twinkle allows this. break; case REFER: |