[Asterisk-code-review] res_pjsip: Add mediasec capabilities. (asterisk[16])

Maximilian Fridrich asteriskteam at digium.com
Wed Sep 7 02:10:53 CDT 2022


Attention is currently required from: Joshua Colp, N A.

Maximilian Fridrich has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/18837 )

Change subject: res_pjsip: Add mediasec capabilities.
......................................................................


Patch Set 8:

(3 comments)

File res/res_pjsip_outbound_registration.c:

https://gerrit.asterisk.org/c/asterisk/+/18837/comment/ca9cb4b8_ef930fa0 
PS8, Line 646: 		(endpt = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", reg->endpoint)) &&
> Does reg->endpoint have to be set on the outbound registration to work properly when security negoti […]
reg->endpoint does not necessarily have to be set. It is required however, if the security negotiation established during an outbound registration should be re-used (e.g. the Security-Verify headers) for subsequent non-REGISTER requests sent to a contact associated with the endpoint.

If no endpoint is set, subsequent non-REGISTER requests will send requests with Security-Client headers and the peer should reply 494 - so a separate security negotiation takes place for this session/transaction/dialog.

I have added a condition checking if reg->endpoint is set to skip unnecessary sorcery lookups.


File res/res_pjsip_rfc3329.c:

https://gerrit.asterisk.org/c/asterisk/+/18837/comment/50d4766d_eff67431 
PS8, Line 46: 
> Should this be done if security negotiation isn't set?
Good point. I've added two conditions that check the security negotiation set on the endpoint.


File res/res_pjsip_session.c:

https://gerrit.asterisk.org/c/asterisk/+/18837/comment/6be29e5b_528dab62 
PS8, Line 4749: 						if ((tsx->status_code == 401 || tsx->status_code == 407 || tsx->status_code == 494)
> If this is 494 but security negotiation isn't enabled, what is the result? Should it do this again a […]
I've added an additional condition checking if security negotiation is set on the endpoint.



-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18837
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 16
Gerrit-Change-Id: Ia7f5b5ba42db18074fdd5428c4e1838728586be2
Gerrit-Change-Number: 18837
Gerrit-PatchSet: 8
Gerrit-Owner: Maximilian Fridrich <m.fridrich at commend.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: N A <mail at interlinked.x10host.com>
Gerrit-Attention: Joshua Colp <jcolp at sangoma.com>
Gerrit-Attention: N A <mail at interlinked.x10host.com>
Gerrit-Comment-Date: Wed, 07 Sep 2022 07:10:53 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Joshua Colp <jcolp at sangoma.com>
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220907/d9259d77/attachment.html>


More information about the asterisk-code-review mailing list