[asterisk-bugs] [JIRA] (ASTERISK-22820) [patch] Plaintext auth is still supported in IAX2

Eugene (JIRA) noreply at issues.asterisk.org
Sun Nov 16 02:57:29 CST 2014 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-22820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eugene updated ASTERISK-22820:
------------------------------

          Description: 
Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth is not supported in IAX2 protocol. Please refer to section 8.6.13 of RFC 5456.

But plaintext auth is still supported by Asterisk implementation of IAX2. This support should be dropped.

Attached patch, based on asterisk-dev discussion, adds deprecation warning on startup if 'auth' is set to 'plaintext', changes default values of 'auth' from 'md5, plaintext' to 'md5', and adds note to UPGRADE.txt

Patch is safe in terms of backwards compatibility, will work even if remote peers have auth=plaintext and we have defaults.

auth=plaintext setting will remain deprecated in Asterisk 14 and 15, and IAX2 plaintext support will be removed in Asterisk 16.

  was:
Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth is not supported in IAX2 protocol. Please refer to section 8.6.13 of RFC 5456.

But plaintext auth is still supported by Asterisk implementation of IAX2. This support should be dropped.

Attached patch, based on asterisk-dev discussion, adds deprecation warning on startup if 'auth' is set to 'plaintext', changes default values of 'auth' from 'md5, plaintext' to 'md5', and adds note to UPGRADE.txt

Patch is safe in terms of backwards compatibility, will work even if remote peers have auth=plaintext and we have defaults.

auth=plaintext setting will remain deprecated in Asterisk 12 and 13, and IAX2 plaintext support will be removed in Asterisk 14.

    Affects Version/s: 13.0.0

> [patch] Plaintext auth is still supported in IAX2
> -------------------------------------------------
>
>                 Key: ASTERISK-22820
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22820
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_iax2
>    Affects Versions: SVN, 12.0.0, 13.0.0
>            Reporter: Eugene
>            Severity: Minor
>         Attachments: asterisk-12-chan_iax2-plaintext-auth-deprecated-v2.diff
>
>
> Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth is not supported in IAX2 protocol. Please refer to section 8.6.13 of RFC 5456.
> But plaintext auth is still supported by Asterisk implementation of IAX2. This support should be dropped.
> Attached patch, based on asterisk-dev discussion, adds deprecation warning on startup if 'auth' is set to 'plaintext', changes default values of 'auth' from 'md5, plaintext' to 'md5', and adds note to UPGRADE.txt
> Patch is safe in terms of backwards compatibility, will work even if remote peers have auth=plaintext and we have defaults.
> auth=plaintext setting will remain deprecated in Asterisk 14 and 15, and IAX2 plaintext support will be removed in Asterisk 16.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list