[asterisk-bugs] [JIRA] (ASTERISK-22820) [patch] Plaintext auth is still supported in IAX2

Tue Aug 11 05:04:33 CDT 2015

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=227208#comment-227208 ] 

Joshua Colp commented on ASTERISK-22820:
----------------------------------------

It is possible for this to be implemented, yes. As I mentioned on your other issue since this is just attached here the burden is on someone else to take it through the code review process. Noone has as of yet done that. If you'd like to then this has a much better chance of going in faster.

> [patch] Plaintext auth is still supported in IAX2
> -------------------------------------------------
>
>                 Key: ASTERISK-22820
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22820
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_iax2
>    Affects Versions: SVN, 12.0.0, 13.0.0
>            Reporter: Eugene
>            Severity: Minor
>         Attachments: asterisk-12-chan_iax2-plaintext-auth-deprecated-v2.diff
>
>
> Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth is not supported in IAX2 protocol. Please refer to section 8.6.13 of RFC 5456.
> But plaintext auth is still supported by Asterisk implementation of IAX2. This support should be dropped.
> Attached patch, based on asterisk-dev discussion, adds deprecation warning on startup if 'auth' is set to 'plaintext', changes default values of 'auth' from 'md5, plaintext' to 'md5', and adds note to UPGRADE.txt
> Patch is safe in terms of backwards compatibility, will work even if remote peers have auth=plaintext and we have defaults.
> auth=plaintext setting will remain deprecated in Asterisk 14 and 15, and IAX2 plaintext support will be removed in Asterisk 16.

--
This message was sent by Atlassian JIRA
(v6.2#6252)