Summary:ASTERISK-20653: Asterisk allows Session-Expires below 90 in a 200 OK
Reporter:Kinsey Moore (kmoore)Labels:
Date Opened:2012-11-06 09:57:47.000-0600Date Closed:2012-12-10 08:42:45.000-0600
Versions: 10.9.0 11.0.1 Frequency of
Environment:Asterisk testsuite, Ubuntu 10.04Attachments:( 0) rfc_breakers.diff
Description:When Asterisk initiates a call to a SIP device, that SIP device may specify a Session-Expires header that falls outside of what is allowed by RFC4028. Asterisk will honor this value instead of tearing down the call as would be appropriate.  See the first review on https://reviewboard.asterisk.org/r/2180/ for further details.  This can be replicated by modifying one of the SIPp UAS scenarios in the review (where Asterisk is UAC) to reduce the Session-Expires header in the 200 OK response to 10.
Comments:By: Kinsey Moore (kmoore) 2012-11-06 14:45:54.811-0600

Added a diff containing two tests for RFC4028 breakage.  One fails (as per this bug) and the other passes since it works correctly.  Note that the test that passes may be exposing another bug since it takes upwards of 20 seconds to complete (it appears as if Asterisk is hanging around unnecessarily long).