Relax qop validation: according to the RFC8760 if the qop

is not provided, the qop=auth should be assumed. Issue: #2995 (cherry picked from commit 6f8af86)
OpenSIPS · Jan 27, 2023 · 7261057 · 7261057
1 parent 11dc11e
commit 7261057
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/modules/auth/api.c b/modules/auth/api.c
@@ -229,6 +229,14 @@ auth_result_t pre_auth(struct sip_msg* _m, str* _realm, hdr_types_t _hftype,
 		goto stalenonce;
 	}
 	qop_type_t qop = dcp->qop.qop_parsed;
+	if (qop == QOP_UNSPEC_D) {
+		/*
+		 * RFC8760: If the "qop" parameter is not specified, then
+		 * the default value is "auth".
+		 */
+		qop = QOP_AUTH_D;
+	}
+
 	if ((np.qop != qop) &&
 	    (np.qop != QOP_TYPE_BOTH || (qop != QOP_AUTH_D && qop != QOP_AUTHINT_D))) {
 		LM_DBG("nonce does not match qop\n");