diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h
index 154e3ddafa305deee4ee913fe666f2bdfd42d230..e77c4568d52e832e7629fc7e7d45f8483ec9411d 100644
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -1105,6 +1105,7 @@ struct ast_sip_endpoint {
/* the transport name of latest registration */
char *register_transport;
unsigned int max_sessions;
+ char *realms;
};
struct pjsip_register_dest {
diff --git a/res/res_pjsip_outbound_registration.c b/res/res_pjsip_outbound_registration.c
index 72499c5f69176566192c8301ace66e23d3a92cfd..8e5d01a41a41c5d82d95759d6786461def588afe 100644
--- a/res/res_pjsip_outbound_registration.c
+++ b/res/res_pjsip_outbound_registration.c
@@ -2070,6 +2070,28 @@ static int handle_registration_response(void *data)
if (strlen(endpoint->incoming_mwi_mailbox))
mwi_send_subscribe(endpoint, response->expiration);
+ if(endpoint && endpoint->realms){
+ static const pj_str_t headerName = { "Authentication-Info", 19 };
+ pjsip_generic_string_hdr *auth_info = NULL;
+ auth_info = pjsip_msg_find_hdr_by_name(response->rdata->msg_info.msg, &headerName, NULL);
+ if(auth_info){
+ char value[pj_strlen(&((pjsip_generic_string_hdr*)auth_info)->hvalue) + 1];
+ ast_copy_pj_str(value, &((pjsip_generic_string_hdr*)auth_info)->hvalue, sizeof(value));
+ char nextnonce[64];
+ char *_buf = strstr(value, "nextnonce=");
+ if (_buf) {
+ sscanf(_buf, "nextnonce=\"%s", nextnonce);
+ char *buf_s = strstr(nextnonce, "\"");
+ nextnonce[((int)strlen(nextnonce)-(int)strlen(buf_s))]='\0';
+ ast_log(LOG_NOTICE, "received nextnonce: %s\n", nextnonce);
+ pj_str_t nextnonce_pj_str = pj_str(nextnonce);
+ pj_str_t realms_pj_str = pj_str(endpoint->realms);
+ int test_ret = pjsip_regc_update_nextnonce(client_state->client, &nextnonce_pj_str, &realms_pj_str);
+ ast_log(LOG_NOTICE, "pjsip_regc_update_nextnonce: %d, realms:'%s'\n, nextnonce: %s", test_ret, endpoint->realms, nextnonce);
+ }
+ }
+ }
+
} else if (client_state->destroy) {
/* We need to deal with the pending destruction instead. */
} else if (response->code == 494) {
@@ -2686,6 +2708,15 @@ static int set_outbound_initial_authentication_credentials(pjsip_regc *regc,
ast_free((char *) access_token);
}
break;
+ case AST_SIP_AUTH_TYPE_USER_PASS:
+ pj_cstr(&auth_creds[0].realm, auths[idx]->realm);
+ pj_cstr(&auth_creds[0].scheme, "digest");
+ pj_cstr(&auth_creds[0].username, auths[idx]->auth_user);
+ auth_creds[0].data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
+ pj_cstr(&auth_creds[0].data, auths[idx]->auth_pass);
+ pjsip_regc_set_credentials(regc, 1, auth_creds);
+ struct ast_sip_endpoint *endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", ast_sorcery_object_get_id(auths[idx]));
+ endpoint->realms = ast_strdup(auths[idx]->realm);
default:
/* other cases handled after receiving auth rejection */
break;
diff --git a/third-party/pjproject/patches/0021-update-next-nonce.patch b/third-party/pjproject/patches/0021-update-next-nonce.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0ff1e9ca2048302ea715bcbaac5db6d8b43617a2
--- /dev/null
+++ b/third-party/pjproject/patches/0021-update-next-nonce.patch
@@ -0,0 +1,106 @@
+From e5f39a2faca1155d029d0c922df40b15e9fe3b2c Mon Sep 17 00:00:00 2001
+From: "wenpeng.song" <wenpeng.song@iopsys.eu>
+Date: Tue, 15 Apr 2025 09:58:29 +0200
+Subject: [PATCH] update next nonce
+
+---
+ build.symbian/pjsip_uaU.def | 1 +
+ pjsip/include/pjsip-ua/sip_regc.h | 4 ++++
+ pjsip/include/pjsip/sip_auth.h | 12 ++++++++++++
+ pjsip/src/pjsip-ua/sip_reg.c | 8 ++++++++
+ pjsip/src/pjsip/sip_auth_client.c | 15 +++++++++++++++
+ 5 files changed, 40 insertions(+)
+
+diff --git a/build.symbian/pjsip_uaU.def b/build.symbian/pjsip_uaU.def
+index 0c847a994..c9208a198 100644
+--- a/build.symbian/pjsip_uaU.def
++++ b/build.symbian/pjsip_uaU.def
+@@ -56,3 +56,4 @@ EXPORTS
+ pjsip_xfer_initiate @ 55 NONAME
+ pjsip_xfer_notify @ 56 NONAME
+ pjsip_xfer_send_request @ 57 NONAME
++ pjsip_regc_update_nextnonce @ 58 NONAME
+diff --git a/pjsip/include/pjsip-ua/sip_regc.h b/pjsip/include/pjsip-ua/sip_regc.h
+index df97a6011..e4f825baa 100644
+--- a/pjsip/include/pjsip-ua/sip_regc.h
++++ b/pjsip/include/pjsip-ua/sip_regc.h
+@@ -312,6 +312,10 @@ PJ_DECL(pj_status_t) pjsip_regc_set_credentials( pjsip_regc *regc,
+ int count,
+ const pjsip_cred_info cred[] );
+
++PJ_DECL(pj_status_t) pjsip_regc_update_nextnonce( pjsip_regc *regc,
++ const pj_str_t *nextnonce,
++ const pj_str_t *realm );
++
+ /**
+ * Set authentication preference.
+ *
+diff --git a/pjsip/include/pjsip/sip_auth.h b/pjsip/include/pjsip/sip_auth.h
+index fa55830fd..d9d8e0e04 100644
+--- a/pjsip/include/pjsip/sip_auth.h
++++ b/pjsip/include/pjsip/sip_auth.h
+@@ -342,6 +342,18 @@ PJ_DECL(pj_status_t) pjsip_auth_clt_init( pjsip_auth_clt_sess *sess,
+ pj_pool_t *pool,
+ unsigned options);
+
++/**
++ * Update the nonce with the nextnonce received from response.
++ *
++ * @param sess The client authentication session.
++ * @param nextnonce The nextnonce received from response.
++ * @param realm The realm used for the authentication.
++ *
++ * @return PJ_SUCCESS on success.
++ */
++PJ_DECL(pj_status_t) pjsip_auth_clt_update_cache( pjsip_auth_clt_sess *sess,
++ const pj_str_t *nextnonce,
++ const pj_str_t *realm );
+
+ /**
+ * Deinitialize client authentication session data structure.
+diff --git a/pjsip/src/pjsip-ua/sip_reg.c b/pjsip/src/pjsip-ua/sip_reg.c
+index 947e9edb7..d5ff8020b 100644
+--- a/pjsip/src/pjsip-ua/sip_reg.c
++++ b/pjsip/src/pjsip-ua/sip_reg.c
+@@ -434,6 +434,14 @@ PJ_DEF(pj_status_t) pjsip_regc_set_credentials( pjsip_regc *regc,
+ return pjsip_auth_clt_set_credentials(®c->auth_sess, count, cred);
+ }
+
++PJ_DEF(pj_status_t) pjsip_regc_update_nextnonce( pjsip_regc *regc,
++ const pj_str_t *nextnonce,
++ const pj_str_t *realm )
++{
++ PJ_ASSERT_RETURN(regc && nextnonce && realm, PJ_EINVAL);
++ return pjsip_auth_clt_update_cache(®c->auth_sess, nextnonce, realm);
++}
++
+ PJ_DEF(pj_status_t) pjsip_regc_set_prefs( pjsip_regc *regc,
+ const pjsip_auth_clt_pref *pref)
+ {
+diff --git a/pjsip/src/pjsip/sip_auth_client.c b/pjsip/src/pjsip/sip_auth_client.c
+index ee2876d99..e31156d97 100644
+--- a/pjsip/src/pjsip/sip_auth_client.c
++++ b/pjsip/src/pjsip/sip_auth_client.c
+@@ -1528,3 +1528,18 @@ PJ_DEF(pj_status_t) pjsip_auth_clt_reinit_req( pjsip_auth_clt_sess *sess,
+
+ }
+
++
++PJ_DEF(pj_status_t) pjsip_auth_clt_update_cache( pjsip_auth_clt_sess *sess,
++ const pj_str_t *nextnonce,
++ const pj_str_t *realm ){
++
++ PJ_ASSERT_RETURN(sess && nextnonce && realm, PJ_EINVAL);
++ pjsip_cached_auth *cached_auth;
++ cached_auth = find_cached_auth(sess, realm);
++ if (cached_auth) {
++ pj_strdup(cached_auth->pool, &cached_auth->last_chal->challenge.digest.nonce, nextnonce);
++ cached_auth->nc=0;
++ return PJ_SUCCESS;
++ }
++ return PJ_EINVAL;
++}
+--
+2.43.0
+
+
diff --git a/third-party/pjproject/patches/config_site.h b/third-party/pjproject/patches/config_site.h
index 18cbe306cdaa4ebafb66e35a63c3e895652da0f2..3536af964a9402781245375bc06f622e96b0937c 100644
--- a/third-party/pjproject/patches/config_site.h
+++ b/third-party/pjproject/patches/config_site.h
@@ -92,3 +92,5 @@
#define PJSIP_TSX_UAS_CONTINUE_ON_TP_ERROR 0
#define PJ_SSL_SOCK_OSSL_USE_THREAD_CB 0
#define PJSIP_AUTH_ALLOW_MULTIPLE_AUTH_HEADER 1
+#define PJSIP_AUTH_HEADER_CACHING 1
+#define PJSIP_AUTH_AUTO_SEND_NEXT 1