[asterisk-bugs] [JIRA] (ASTERISK-27304) Registration with digest authentication in PJSIP fails if a username contains symbol @
Rusty Newton (JIRA)
noreply at issues.asterisk.org
Tue Oct 3 16:44:07 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238964#comment-238964 ]
Rusty Newton edited comment on ASTERISK-27304 at 10/3/17 4:44 PM:
------------------------------------------------------------------
I'm going to assign this to [~bford] as he worked an issue recently that involved the @ symbol in user names.
ASTERISK-27036
https://gerrit.asterisk.org/#/c/5974/
I think it was fixed by not allowing @ in usernames, so I'm unsure how that decision will affect this other scenarios.
was (Author: rnewton):
I'm going to assign this to [~bford] as he worked an issue recently that involved the @ symbol in user names.
ASTERISK-27036
I think it was fixed by not allowing @ in usernames, so I'm unsure how that decision will affect this other scenarios.
> Registration with digest authentication in PJSIP fails if a username contains symbol @
> --------------------------------------------------------------------------------------
>
> Key: ASTERISK-27304
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27304
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: pjproject/pjsip
> Affects Versions: 13.16.0
> Environment: Operating system:
> CentOS7, x86_64, kernel 3.10.0-514.
> Reporter: Oleg
> Assignee: Benjamin Keith Ford
> Severity: Minor
> Attachments: pjsip.conf, SIP_digest_response.png
>
>
> For an endpoint with outbound authetication enabled, it is required to provide username in the format “user at domain”. However, outbound authentication fails in case username contains symbol “@” and PJSIP channel driver is used.
> The following options were attempted to resolve this issue.
> Option 1. Provide username in section “auth” in the format:
> username= +74852207186@ yar.ims.ctc.ru
> In this case, Asterisk does not identify the endpoint or send any SIP requests to it. It also provides the following errors in the log:
> ERROR[28847] res_pjsip_outbound_registration.c: Invalid client URI 'sip: +74852207186 at yar.ims.ctc.ru@10.1.1.1:5060' specified on outbound registration 'RostelecomPJ'
> ERROR[28847] res_pjsip/pjsip_options.c: Unable to create request to qualify contact sip: +74852207186@ yar.ims.ctc.ru @10.1.1.1:5060
> Option 2. Provide username in section “auth” in the format:
> username= “+74852207186@ yar.ims.ctc.ru”
> In this case, Asterisk identifies the endpoint and start sending OPTIONS and REGISTER requests. However, SIP digest authentication response generated by Asterisk contains an incorrect value.
> Manipulations with SIP Digest Calculator application reveal that values of “response” parameter generated by Asterisk and by this calculator are identical when the full username, including quotes, is taken as an argument. This makes it impossible to work with usernames containing @, but not containing quote symbols.
> Considering that the same username works with chan_sip driver, it is suggested to enable either Option 1 or Option 2 in PJSIP, namely:
> • allow providing symbol “@” in the username, or
> • exclude quotes around username when this argument is used for SIP digest response calculation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list