[Asterisk-Dev] Why Proxy-Authenticate instead of WWW-Authenticate in chan_sip?

Dan Evans devans at invores.com
Thu Jun 9 06:19:35 MST 2005


* doesn't always use Proxy-Authenticate.  Trace a REGISTER request to 
Nufone (User-Agent: Asterisk PBX) and it responds with a 401 
Unauthorized and a WWW-Authenticate: header, and my * in turn sends 
Authorization:  VoicePulse (also User-Agent: Asterisk PBX) responds with 
407 Proxy Authentication Required and a Proxy-Authenticate: header, and 
my * responds in kind with Proxy-Authorization:.

Seems like it's already configurable.

Dan

Olle E. Johansson wrote:
> Steven wrote:
> 
>>On Thu, 2005-06-09 at 07:37 +0200, Olle E. Johansson wrote:
>>
>>
>>>Mikael Magnusson wrote:
>>>
>>>
>>>>Hi,
>>>>
>>>>It's often mentioned on the list that Asterisk is an user SIP agent and not a 
>>>>proxy. But why is then Proxy-Authenticate (and 407 Proxy
>>>>Authentication Required) used instead of WWW-Authenticate
>>>>(and 401 Unauthorized) in chan_sip. According to section 22.1 Framework
>>>>in RFC 3261:
>>>>
>>>> In SIP, a UAS uses the 401 (Unauthorized) response to challenge the
>>>> identity of a UAC.
>>>>
>>>
>>>I fully agree, but all patches to fix this has been refused because of
>>>fear we might break something. This makes it hard to use Asterisk
>>>together with an outbound proxy that authenticates.
>>
>>
>>Has it been tried with a config option to turn it on or off? 
> 
> Well, no one has proved any problems with fixing it according to
> standard. I don't like having default behaviour being non-standard.
> (And yes, I don't like the "pedantic" option.. Default behaviour being
> non-standard? Tsss).
> 
> We could have an option for backwards compatibility, yes, to turn on if
> people really need to break the RFCs.
> 
> /O
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev
> 




More information about the asterisk-dev mailing list