[asterisk-dev] [Code Review] SIP authentication support
Olle E. Johansson
oej at edvina.net
Mon Feb 11 16:09:27 CST 2013
11 feb 2013 kl. 22:08 skrev "Mark Michelson" <reviewboard at asterisk.org>:
> This means that Asterisk may send multiple WWW-Authenticate headers out in an authentication challenge and can cope with multiple Authorization headers in requests.
A small clarification:
An endpoint that wants to authenticate a request should only send ONE www-authenticate in one response.
It can receive multiple proxy-authenticate and ONE www-authenticate in a response, and thus needs to send multiple proxyauth and one www auth in a request.
Now, if we have multiple auth methods as a server, like md5 and SHA256 I don't know what to do really... This needs to be investigated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-dev