[asterisk-bugs] [JIRA] (ASTERISK-22820) [patch] Plaintext auth is still supported in IAX2

Eugene (JIRA) noreply at issues.asterisk.org
Sat Dec 21 03:17:02 CST 2013 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-22820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eugene updated ASTERISK-22820:
------------------------------

    Description: 
Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth is not supported in IAX2 protocol. Please refer to section 8.6.13 of RFC 5456.

But plaintext auth is still supported by Asterisk implementation of IAX2. This support should be dropped.

Attached patch, based on asterisk-dev discussion, adds deprecation warning on startup if 'auth' is set to 'plaintext', changes default values of 'auth' from 'md5, plaintext' to 'md5', and adds note to UPGRADE.txt

Patch is safe in terms of backwards compatibility, will work even if remote peers have auth=plaintext and we have defaults.

auth=plaintext setting will remain deprecated in Asterisk 12 and 13, and IAX2 plaintext support will be removed in Asterisk 14.

  was:
Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth is not supported in IAX2 protocol. Please refer to section 8.6.13 of RFC 5456.

But plaintext auth is still supported by Asterisk implementation of IAX2. This support should be dropped.

Attached patch, based on asterisk-dev discussion, adds deprecation warning on startup if 'auth' is set to 'plaintext', changes default values of 'auth' from 'md5, plaintext' to 'md5', and adds note to UPGRADE.txt

auth=plaintext setting will remain deprecated in Asterisk 12 and 13, and IAX2 plaintext support will be removed in Asterisk 14.

    
> [patch] Plaintext auth is still supported in IAX2
> -------------------------------------------------
>
>                 Key: ASTERISK-22820
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22820
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_iax2
>    Affects Versions: SVN, 12.0.0
>            Reporter: Eugene
>            Severity: Minor
>         Attachments: asterisk-12-chan_iax2-plaintext-auth-deprecated-v2.diff
>
>
> Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth is not supported in IAX2 protocol. Please refer to section 8.6.13 of RFC 5456.
> But plaintext auth is still supported by Asterisk implementation of IAX2. This support should be dropped.
> Attached patch, based on asterisk-dev discussion, adds deprecation warning on startup if 'auth' is set to 'plaintext', changes default values of 'auth' from 'md5, plaintext' to 'md5', and adds note to UPGRADE.txt
> Patch is safe in terms of backwards compatibility, will work even if remote peers have auth=plaintext and we have defaults.
> auth=plaintext setting will remain deprecated in Asterisk 12 and 13, and IAX2 plaintext support will be removed in Asterisk 14.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list