I looked at the code and the system time is used (not the the internal value). Therefore, after detecting and invalid nonce, if you do challenge again, a nonce with the right time should be generated and used for authentication.
Look at sip trace to see if nonce is regenerated and run with debug=3 to get more log message that would help to investigate better. Cheers, Daniel On 20/08/15 10:05, Daniel-Constantin Mierla wrote: > Hello, > > probably the module is using the time computed internally as start time > plus elapsed seconds (counted internally). We can introduce an option to > use the system time, which may add a bit of delay, but really > insignificant. I will look into it these days. > > Cheers, > Daniel > > > On 18/08/15 22:44, Vasiliy Ganchev wrote: >> Hi list! >> (sorry for sending first mail to wrong sub forum) >> Have a following issue: >> Server with Kamailio restart with wrong time (why - this is separate part of >> my investigations), timeshift e.g. for 2 hours in feature. >> After ntp daemon adjust correct time (move time backwards), Kamailio do not >> accept REGISTERs, pv_www_authenticate answer with code -4 (nonce expired) >> >> I've reade the description of: >> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_expire >> and >> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_auth_max_drift >> >> This descriptions mention situation with backwards timeshift from future. >> As I understand, Kamailio do not authorise the registration, whose nonces >> where generated in future (before ntp shifted the time). But in my tests, >> Kamailio do not accept even REGISTER from UA, sent after time shift (with >> new nonces, that as I expected has to use correct time for nonce generation, >> and be authorised with no problem). >> >> Only Kamailio process restart help to cope with the issue. >> >> It looks like for nonce generating Kamailio use old time (in feature, that >> was before timeshift). >> >> I wander, does the Kamailio behave in described case - as is expected? If I >> am wrong in some of my assumptions, please point out. >> >> version: kamailio 4.2.5 >> >> Thank in advance! >> Cheers! >> >> >> >> >> -- >> View this message in context: >> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536.html >> Sent from the Users mailing list archive at Nabble.com. >> >> _______________________________________________ >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >> sr-users@lists.sip-router.org >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users