[asterisk-bugs] [JIRA] (ASTERISK-29438) TURN Server never added to ICE candidate list.

Chris (JIRA) noreply at issues.asterisk.org
Fri May 21 04:51:17 CDT 2021


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=254974#comment-254974 ] 

Chris edited comment on ASTERISK-29438 at 5/21/21 4:49 AM:
-----------------------------------------------------------

Ok, we found the issue. It was due to a misconfiguration.

The turnusername and password were surrounded by by double-quotes.
These doublequotes were not stripped from the turnusername, resulting in a BAD REQUEST error .

The reason that we get a BAD REQUEST and not an auth failure is that the turn server first checks for the attribute fields to be valid. A username with quotes is of-course, invalid.


Our usernames and passwords are generated daily, and might contain special characters like a colon ':' , semicolon or others.
In the past we had issues where Asterisk stopped parsing the password when it encountered a ':' 
Therefore we used quotes to protect the password parsing.

When I look at the code, apparently *ast_strip_quoted* is never used for turnusername or turnpassword.

What is the recommended way to ensure that generated passwords with specials charactes are parsed properly ?




was (Author: ccasterisk):
Ok, we found the issue. It was due to a misconfiguration.

The turnusername and password were surrounded by by double-quotes.
These doublequotes were not stripped from the turnusername, resulting in a BAD REQUEST error .

The reason that we get a BAD REQUEST and not an auth failure is that the turn server first checks for the attribute fields to be valid. A username with quotes is of-course, invalid.


Our usernames and passwords are generated daily, and might contain special characters like a colon ':' , semicolon or others.
In the past we had issues where Astiersk stopped parsing the password when it encountered a : 
Therefore we used quotes to protect the password parsing.

When I look at the code, apparently *ast_strip_quoted* is never used for turnusername or turnpassword.

What is the recommended way to ensure that generated passwords with specials charactes are parsed properly ?



> TURN Server never added to ICE candidate list.
> ----------------------------------------------
>
>                 Key: ASTERISK-29438
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29438
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip, Resources/res_rtp_asterisk
>    Affects Versions: 16.17.0
>         Environment: Network topology requiring TURN
>  using PJSIP
>            Reporter: Chris
>            Assignee: Unassigned
>              Labels: webrtc
>         Attachments: no-turn-candidates.zip
>
>
> The configured TURN server is never added to the ICE candidate list offered via SIP/SDP
> The assumed reason is that, after receiving status 400 (Bad request) Asterisk stops sending request and shuts down the 
> According to the RFC, a status 400 does not necessary means the procedure has to stop.
> See: https://tools.ietf.org/id/draft-ietf-tram-stunbis-13.html#section.bid-down
> NOTE : The PCAP contains 4 requests,  these are for audio, video and their 2 RTCP counterparts.
> But each of those 4 are only tried once.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list