[asterisk-dev] Plaintext auth support in IAX2
Eugene Varnavsky
varnavruz at gmail.com
Tue Nov 5 03:04:31 CST 2013
>
> Section 8.6.3 of RFC 5456 is "CALLING ANI":
> http://tools.ietf.org/html/rfc5456. I'm guessing that isn't what you were
> referring to.
>
Sorry for typo, I meant section 8.6.13
> Here's what I'd recommend:
>
> - In Asterisk 12, patch chan_iax2 to emit a WARNING if auth=plaintext
> is used. That WARNING should tell a user that the option is deprecated.
> - Additionally, add a note in UPGRADE that the plaintext option has
> been deprecated.
> - In trunk (Asterisk 13), remove support for "plaintext". This means:
> - If a user specified "plaintext", emit an ERROR and reject loading
> chan_iax2. Users should not be allowed to load the channel driver with an
> invalid configuration, and you don't want to "help them" with their
> authentication options.
> - Remove support for plaintext authentication in the code.
> - Add a note in UPGRADE that support for plaintext has been removed.
>
>
Sounds fine for me.
I made a patch for 12 that emits a warning if auth methoid is set to
plaintext, or plaintext is one of auth methods.
I'm going to test it and then upload it to the ticket ASTERISK-22820
Additionally, warning is emitted every time plaintext auth is sent or
accepted. Why? The tricky thing with deprecation is what auth methods we
set as default. As far as I can see inside sources, if auth= parameter is
omitted, auth methods are set to "md5 first, then plaintext".
So, if we leave auth= at defaults, and other side has auth=plaintext, we
will see warning anyway.
Patch adds note to UPGRADE.txt too.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20131105/3d276bed/attachment.html>
More information about the asterisk-dev
mailing list