[Asterisk-Dev] Authorization header not formatted properly when
REGISTER msg is challenged (algorithm=MD5)
Karl Brose
khb at brose.com
Thu Jul 22 21:11:14 MST 2004
Unlikely, as most do it correctly. SER is doing it correctly. It seems
most devices are actually immune to the
difference.
And I haven't observed any problems running
with a correctly configured Asterisk either.
Rob Gagnon wrote:
>Olle,
>
>the problem is that fixing it without a configuration choice could break
>"compatibility" with other SIP devices that are programmed to look for the
>quoted MD5.
>
>Rob
>
>----- Original Message -----
>From: "Olle E. Johansson" <oej at edvina.net>
>To: <asterisk-dev at lists.digium.com>
>Sent: Thursday, July 22, 2004 4:23 PM
>Subject: Re: [Asterisk-Dev] Authorization header not formatted properly when
>REGISTER msg is challenged (algorithm=MD5)
>
>
>
>
>>Michael Lunsford wrote:
>>
>>
>>
>>>I am new to this forum and am looking for some help on an issue I'm
>>>having with the Asterisk. The company I work for has Cisco BTS 10200s
>>>deployed in several Tier 1 cities through the US with over 13,000
>>>customers to date. Our engineering team is performing interoperability
>>>testing between the Asterisk and the Cisco's BTS 10200 softswitch and
>>>have found an issue.
>>>
>>>With our switch configured to authorize the registration from Asterisk,
>>>the Asterisks responds to the challenge (401 Unauthorized) with an error
>>>in the REGISTER message. The authorization header in the REGISTER msg
>>>from the Asterisk contains 'algorithm="MD5"'. The quote around the MD5
>>>are not per spec in RFC 2617 3.2.1
>>>(http://www.ietf.org/rfc/rfc2617.txt). Section 3.2.2 "The Authorization
>>>Request Header" describes the response a User Agent takes when
>>>challenged with a "401 Unauthorized". It refers section 3.2.1 "The
>>>WWW-Authenticate Response Header" for the framework of the construction
>>>of the message. Referring to 3.2.1, we see that everything that is
>>>supposed to be quoted in the message states either "quoted-string" or
>>>has <"> to indicate that the quotes are supposed to be in the message.
>>>The quotes around the MD5 are not to be included in the message.
>>>
>>>In the source, I removed the quotes so that the authorization header in
>>>the REGISTER message now read 'algorithm=MD5' instead of
>>>'algorithm="MD5"'. The BTS 10200 now accepts the message and sends a 200
>>>OK.
>>>
>>>
>>>
>>You are right. This needs to be changed. Open a bug in bugs.digium.com
>>RFC3261 examples clearly have algorithm=MD5 without quotes.
>>
>>/Olle
>>_______________________________________________
>>Asterisk-Dev mailing list
>>Asterisk-Dev at lists.digium.com
>>http://lists.digium.com/mailman/listinfo/asterisk-dev
>>To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-dev
>>
>>
>
>_______________________________________________
>Asterisk-Dev mailing list
>Asterisk-Dev at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-dev
>To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
>
>
More information about the asterisk-dev
mailing list