diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index ee285a92d6621a0b0973b74771cefa8d74ad2efe..f4de10bba585c688f2d4750ece7b8a4d70ae8e4c 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -7737,7 +7737,7 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request *
 					 const char *secret, const char *md5secret, int sipmethod,
 					 char *uri, enum xmittype reliable, int ignore)
 {
-	const char *response = "407 Proxy Authentication Required";
+	const char *response;
 	char *reqheader, *respheader;
 	const char *authtoken;
 	char a1_hash[256];
@@ -7746,6 +7746,7 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request *
 	char *c;
 	int  wrongnonce = FALSE;
 	int  good_response;
+	int code;
 	const char *usednonce = p->randdata;
 
 	/* table of recognised keywords, and their value in the digest */
@@ -7768,12 +7769,18 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request *
 		/* On a REGISTER, we have to use 401 and its family of headers
 		 * instead of 407 and its family of headers.
 		 */
+		code = WWW_AUTH;
 		response = "401 Unauthorized";
-		auth_headers(WWW_AUTH, &reqheader, &respheader);
 	} else {
+		code = PROXY_AUTH;
 		response = "407 Proxy Authentication Required";
-		auth_headers(PROXY_AUTH, &reqheader, &respheader);
 	}
+	/*
+	 * Note the apparent swap of arguments below, compared to other
+	 * usages of auth_headers().
+	 */
+	auth_headers(code, &respheader, &reqheader);
+
 	authtoken =  get_header(req, reqheader);	
 	if (ignore && !ast_strlen_zero(p->randdata) && ast_strlen_zero(authtoken)) {
 		/* This is a retransmitted invite/register/etc, don't reconstruct authentication