[asterisk-bugs] [JIRA] (ASTERISK-24646) PJSIP changeset 4899 breaks TLS
Stephan Eisvogel (JIRA)
noreply at issues.asterisk.org
Mon Jan 12 17:07:34 CST 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-24646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=224412#comment-224412 ]
Stephan Eisvogel commented on ASTERISK-24646:
---------------------------------------------
Applied second patch with 11-trunk, now working with latest CSipSimple 1.02.03 r2456 nightly.
Good job, you are a fast programmer. ;-) This should be reviewed and verified by other people now.
Typo/cosmetic fixes I found looking through the patch:
--- ASTERISK-24646-chan_sip.patch.txt.orig 2015-01-12 23:56:16.139299682 +0100
+++ ASTERISK-24646-chan_sip.patch.txt 2015-01-12 23:43:06.712679189 +0100
@@ -18,7 +18,7 @@
+}
+/*!
-+ * \brief Determine if, as a UAS, we need to use a SIPS contact.
++ * \brief Determine if, as a UAS, we need to use a SIPS Contact.
+ *
+ * This uses the rules defined in RFC 3261 section 12.1.1 to
+ * determine if a SIPS URI should be used as the Contact header
@@ -53,7 +53,7 @@
+/*!
+ * \brief Determine if, as a UAC, we need to use a SIPS Contact.
+ *
-+ * This uses the rules defined in RFC 3621 sectcion 8.1.1.8 to
++ * This uses the rules defined in RFC 3621 section 8.1.1.8 to
+ * determine if a SIPS URI should be used as the Contact header
+ * on our outgoing request.
+ *
@@ -91,7 +91,7 @@
+ *
+ * \param p The sip_pvt where the built Contact will be saved.
+ * \param req The request that triggered the creation of a Contact header.
-+ * \praram incoming Indicates if the Contact header is being created for a response to an incoming request
++ * \param incoming Indicates if the Contact header is being created for a response to an incoming request
+ */
+static void build_contact(struct sip_pvt *p, struct sip_request *req, int incoming)
{
> PJSIP changeset 4899 breaks TLS
> -------------------------------
>
> Key: ASTERISK-24646
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24646
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/Interoperability
> Affects Versions: 11.15.0
> Environment: Linux; hostile
> Reporter: Stephan Eisvogel
> Assignee: Mark Michelson
> Attachments: ASTERISK-24646-chan_sip.patch, ASTERISK-24646.patch, sip-trace.txt
>
>
> PJSIP as of changeset 4899 (https://trac.pjsip.org/repos/changeset/4899) has started verifying the Contact-header sent by the server to be of the SIPS scheme if transport is TLS. It will not check the Contact-header for ";transport=TLS" as sent by Asterisk.
> As a result, registration by a client using this well-known stack will succeed, but any call attempt will terminate. A SIP trace will show the message "Warning: 381 localhost SIPS Required" going from the client to the server.
> This was found using CSipSimple-trunk, other clients e.g. MicroSIP will likely follow, once this change has crept into their code bases.
> The issue has previously been discussed last year here http://lists.digium.com/pipermail/asterisk-dev/2013-September/062567.html Asterisk developers were of the opinion that using SIPS in Contact-header will break proxying up a chain. PJSIP developers seem to be of the opinion they are following RFCs. And I am puzzled, looking for a resolution.
> Workarounds/fixes I could identify:
> 1. Set disable_secure_dlg_check = PJ_TRUE on clients using PJSIP
> 2. Modify PJSIP's pjsip_inv_verify_request3 to check for ;transport=TLS not only in Record-Route-header but also in Contact-header.
> 3. Patch Asterisk to emit SIPS scheme when transport is TLS
> I suggest identifying first, if this should be an Asterisk issue at all, or be brought up with PJSIP developers to change the default behaviour.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list