[asterisk-dev] [Code Review] 3001: Testsuite: Verify that res_pjsip sends security events for authentication (both successful and failed auths)

Mark Michelson reviewboard at asterisk.org
Fri Nov 8 15:52:07 CST 2013 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3001/#review10155
-----------------------------------------------------------

Ship it!


Since the only gripe I have is one of those "in theory" type problems, and it's so minor, ship it!


/asterisk/trunk/tests/channels/pjsip/auth_security_events/sipp/register_fail.xml
<https://reviewboard.asterisk.org/r/3001/#comment19431>

    I suggest bumping all of the Expires headers in your REGISTER requests from 15 seconds to 60 seconds.
    
    The default AOR minimum registration currently is 60 seconds. The current behavior of res_pjsip_registrar is to respond to your 15 second expiration by setting the expiration to 60 seconds instead. I can foresee the possibility that the registrar behavior could be changed to reject REGISTERs with small expirations with a 423 response if such behavior were demanded.
    
    Since the expiration of the REGISTERs on this test really doesn't matter, and you're not having to actually wait for them to expire, you may as well future-proof yourself and bump these up to 60 seconds.


- Mark Michelson


On Nov. 8, 2013, 9:25 p.m., Jonathan Rose wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3001/
> -----------------------------------------------------------
> 
> (Updated Nov. 8, 2013, 9:25 p.m.)
> 
> 
> Review request for Asterisk Developers, Matt Jordan, Mark Michelson, and rmudgett.
> 
> 
> Repository: testsuite
> 
> 
> Description
> -------
> 
> This test primarily tests the issuing of security events.  The security events in this case are for PJSIP authentication, but the concept really applies to all security events.
> 
> 
> Diffs
> -----
> 
>   /asterisk/trunk/tests/channels/pjsip/tests.yaml 4331 
>   /asterisk/trunk/tests/channels/pjsip/auth_security_events/test-config.yaml PRE-CREATION 
>   /asterisk/trunk/tests/channels/pjsip/auth_security_events/sipp/register_pass.xml PRE-CREATION 
>   /asterisk/trunk/tests/channels/pjsip/auth_security_events/sipp/register_fail.xml PRE-CREATION 
>   /asterisk/trunk/tests/channels/pjsip/auth_security_events/configs/ast1/pjsip.conf PRE-CREATION 
>   /asterisk/trunk/tests/channels/pjsip/auth_security_events/configs/ast1/manager.users.conf.inc PRE-CREATION 
> 
> Diff: https://reviewboard.asterisk.org/r/3001/diff/
> 
> 
> Testing
> -------
> 
> Tested that the auths went through as expected and the events were pushed.  Tested that the test fails when security events are disabled for the manager user.
> 
> 
> Thanks,
> 
> Jonathan Rose
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20131108/03309f42/attachment-0001.html>

More information about the asterisk-dev mailing list