[asterisk-bugs] [Asterisk 0012278]: [patch] Add Server: instead of User-Agent: header in Asterisk generated SIP responses
noreply at bugs.digium.com
noreply at bugs.digium.com
Tue Mar 25 05:49:45 CDT 2008
The following issue has been ASSIGNED.
======================================================================
http://bugs.digium.com/view.php?id=12278
======================================================================
Reported By: rjain
Assigned To: oej
======================================================================
Project: Asterisk
Issue ID: 12278
Category: Channels/chan_sip/General
Reproducibility: always
Severity: trivial
Priority: normal
Status: assigned
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!): 110578
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 03-22-2008 19:36 CDT
Last Modified: 03-25-2008 05:49 CDT
======================================================================
Summary: [patch] Add Server: instead of User-Agent: header in
Asterisk generated SIP responses
Description:
Asterisk currently inserts User-Agent: header in the SIP responses it
generates. A SIP UAS should insert Server: header instead. The Server: and
User-Agent: are meant for human consumption and not automaton, thus this
isn't really a software bug. But, it is inconsistent with other SIP
implementations and a bit of annoyance when you're looking at SIP traces
that include Asterisk SIP messaging.
Below are sections of RFC 3261 that explain the roles of User-Agent: and
Server: headers.
20.35 Server
The Server header field contains information about the software used
by the UAS to handle the request.
Revealing the specific software version of the server might allow the
server to become more vulnerable to attacks against software that is
known to contain security holes. Implementers SHOULD make the Server
header field a configurable option.
Example:
Server: HomeServer v2
20.41 User-Agent
The User-Agent header field contains information about the UAC
originating the request. The semantics of this header field are
defined in [H14.43].
Revealing the specific software version of the user agent might allow
the user agent to become more vulnerable to attacks against software
that is known to contain security holes. Implementers SHOULD make
the User-Agent header field a configurable option.
Example:
User-Agent: Softphone Beta1.5
======================================================================
----------------------------------------------------------------------
svnbot - 03-25-08 05:49
----------------------------------------------------------------------
Repository: asterisk
Revision: 110625
U trunk/channels/chan_sip.c
------------------------------------------------------------------------
r110625 | oej | 2008-03-25 05:49:42 -0500 (Tue, 25 Mar 2008) | 6 lines
Use the "Server" header when responding to SIP requests.
(closes issue http://bugs.digium.com/view.php?id=12278)
Reported by: rjain
Patches:
chan_sip.c.diff uploaded by rjain (license 226)
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=110625
Issue History
Date Modified Username Field Change
======================================================================
03-25-08 05:49 svnbot Checkin
03-25-08 05:49 svnbot Note Added: 0084480
03-25-08 05:49 svnbot Status new => assigned
03-25-08 05:49 svnbot Assigned To => oej
======================================================================
More information about the asterisk-bugs
mailing list