[Asterisk-Dev] Why Proxy-Authenticate instead of WWW-Authenticate
in chan_sip?
Olle E. Johansson
oej at edvina.net
Thu Jun 9 00:37:45 MST 2005
Steven wrote:
> On Thu, 2005-06-09 at 07:37 +0200, Olle E. Johansson wrote:
>
>>Mikael Magnusson wrote:
>>
>>>Hi,
>>>
>>>It's often mentioned on the list that Asterisk is an user SIP agent and not a
>>>proxy. But why is then Proxy-Authenticate (and 407 Proxy
>>>Authentication Required) used instead of WWW-Authenticate
>>>(and 401 Unauthorized) in chan_sip. According to section 22.1 Framework
>>>in RFC 3261:
>>>
>>> In SIP, a UAS uses the 401 (Unauthorized) response to challenge the
>>> identity of a UAC.
>>>
>>
>>I fully agree, but all patches to fix this has been refused because of
>>fear we might break something. This makes it hard to use Asterisk
>>together with an outbound proxy that authenticates.
>
>
> Has it been tried with a config option to turn it on or off?
Well, no one has proved any problems with fixing it according to
standard. I don't like having default behaviour being non-standard.
(And yes, I don't like the "pedantic" option.. Default behaviour being
non-standard? Tsss).
We could have an option for backwards compatibility, yes, to turn on if
people really need to break the RFCs.
/O
More information about the asterisk-dev
mailing list