[Asterisk-Dev] Why Proxy-Authenticate instead of WWW-Authenticate in chan_sip?

Olle E. Johansson oej at edvina.net
Thu Jun 9 00:37:45 MST 2005


Steven wrote:
> On Thu, 2005-06-09 at 07:37 +0200, Olle E. Johansson wrote:
> 
>>Mikael Magnusson wrote:
>>
>>>Hi,
>>>
>>>It's often mentioned on the list that Asterisk is an user SIP agent and not a 
>>>proxy. But why is then Proxy-Authenticate (and 407 Proxy
>>>Authentication Required) used instead of WWW-Authenticate
>>>(and 401 Unauthorized) in chan_sip. According to section 22.1 Framework
>>>in RFC 3261:
>>>
>>>  In SIP, a UAS uses the 401 (Unauthorized) response to challenge the
>>>  identity of a UAC.
>>>
>>
>>I fully agree, but all patches to fix this has been refused because of
>>fear we might break something. This makes it hard to use Asterisk
>>together with an outbound proxy that authenticates.
> 
> 
> Has it been tried with a config option to turn it on or off? 
Well, no one has proved any problems with fixing it according to
standard. I don't like having default behaviour being non-standard.
(And yes, I don't like the "pedantic" option.. Default behaviour being
non-standard? Tsss).

We could have an option for backwards compatibility, yes, to turn on if
people really need to break the RFCs.

/O



More information about the asterisk-dev mailing list