[Asterisk-Dev] Authorization header not formatted properly when REGISTER msg is challenged (algorithm=MD5)

Rob Gagnon rob at networkip.net
Thu Jul 22 16:11:21 MST 2004


the problem is that fixing it without a configuration choice could break
"compatibility" with other SIP devices that are programmed to look for the
quoted MD5.


----- Original Message ----- 
From: "Olle E. Johansson" <oej at edvina.net>
To: <asterisk-dev at lists.digium.com>
Sent: Thursday, July 22, 2004 4:23 PM
Subject: Re: [Asterisk-Dev] Authorization header not formatted properly when
REGISTER msg is challenged (algorithm=MD5)

> Michael Lunsford wrote:
> > I am new to this forum and am looking for some help on an issue I'm
> > having with the Asterisk. The company I work for has Cisco BTS 10200s
> > deployed in several Tier 1 cities through the US with over 13,000
> > customers to date. Our engineering team is performing interoperability
> > testing between the Asterisk and the Cisco's BTS 10200 softswitch and
> > have found an issue.
> >
> > With our switch configured to authorize the registration from Asterisk,
> > the Asterisks responds to the challenge (401 Unauthorized) with an error
> > in the REGISTER message. The authorization header in the REGISTER msg
> > from the Asterisk contains 'algorithm="MD5"'. The quote around the MD5
> > are not per spec in RFC 2617 3.2.1
> > (http://www.ietf.org/rfc/rfc2617.txt).  Section 3.2.2 "The Authorization
> > Request Header" describes the response a User Agent takes when
> > challenged with a "401 Unauthorized". It refers section 3.2.1 "The
> > WWW-Authenticate Response Header" for the framework of the construction
> > of the message. Referring to 3.2.1, we see that everything that is
> > supposed to be quoted in the message states either "quoted-string" or
> > has <"> to indicate that the quotes are supposed to be in the message.
> > The quotes around the MD5 are not to be included in the message.
> >
> > In the source, I removed the quotes so that the authorization header in
> > the REGISTER message now read 'algorithm=MD5' instead of
> > 'algorithm="MD5"'. The BTS 10200 now accepts the message and sends a 200
> > OK.
> >
> You are right. This needs to be changed. Open a bug in bugs.digium.com
> RFC3261 examples clearly have algorithm=MD5 without quotes.
> /Olle
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list