[asterisk-bugs] [JIRA] (ASTERISK-29438) TURN Server never added to ICE candidate list.
Chris (JIRA)
noreply at issues.asterisk.org
Fri May 21 04:51:17 CDT 2021
[ https://issues.asterisk.org/jira/browse/ASTERISK-29438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=254974#comment-254974 ]
Chris edited comment on ASTERISK-29438 at 5/21/21 4:49 AM:
-----------------------------------------------------------
Ok, we found the issue. It was due to a misconfiguration.
The turnusername and password were surrounded by by double-quotes.
These doublequotes were not stripped from the turnusername, resulting in a BAD REQUEST error .
The reason that we get a BAD REQUEST and not an auth failure is that the turn server first checks for the attribute fields to be valid. A username with quotes is of-course, invalid.
Our usernames and passwords are generated daily, and might contain special characters like a colon ':' , semicolon or others.
In the past we had issues where Asterisk stopped parsing the password when it encountered a ':'
Therefore we used quotes to protect the password parsing.
When I look at the code, apparently *ast_strip_quoted* is never used for turnusername or turnpassword.
What is the recommended way to ensure that generated passwords with specials charactes are parsed properly ?
was (Author: ccasterisk):
Ok, we found the issue. It was due to a misconfiguration.
The turnusername and password were surrounded by by double-quotes.
These doublequotes were not stripped from the turnusername, resulting in a BAD REQUEST error .
The reason that we get a BAD REQUEST and not an auth failure is that the turn server first checks for the attribute fields to be valid. A username with quotes is of-course, invalid.
Our usernames and passwords are generated daily, and might contain special characters like a colon ':' , semicolon or others.
In the past we had issues where Astiersk stopped parsing the password when it encountered a :
Therefore we used quotes to protect the password parsing.
When I look at the code, apparently *ast_strip_quoted* is never used for turnusername or turnpassword.
What is the recommended way to ensure that generated passwords with specials charactes are parsed properly ?
> TURN Server never added to ICE candidate list.
> ----------------------------------------------
>
> Key: ASTERISK-29438
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-29438
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: pjproject/pjsip, Resources/res_rtp_asterisk
> Affects Versions: 16.17.0
> Environment: Network topology requiring TURN
> using PJSIP
> Reporter: Chris
> Assignee: Unassigned
> Labels: webrtc
> Attachments: no-turn-candidates.zip
>
>
> The configured TURN server is never added to the ICE candidate list offered via SIP/SDP
> The assumed reason is that, after receiving status 400 (Bad request) Asterisk stops sending request and shuts down the
> According to the RFC, a status 400 does not necessary means the procedure has to stop.
> See: https://tools.ietf.org/id/draft-ietf-tram-stunbis-13.html#section.bid-down
> NOTE : The PCAP contains 4 requests, these are for audio, video and their 2 RTCP counterparts.
> But each of those 4 are only tried once.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list