[asterisk-dev] Multiple authorization header for a SIP message. More info to the bug report.

Eduardo Ferro eferro at alea-soluciones.com
Sun Jan 17 17:10:40 CST 2010 

Hi everybody

The bug 11245 (https://issues.asterisk.org/view.php?id=11245) (Asterisk
unable to handle Multple Authorization Headers) was closed because the use
of multiple  authorization headers for the same realm apparently was not
valid (following the SIP RFCs)... so It seems that it was only a
eMTA/ATA/Phone problem.
Related with this problem, the support team of Arris International (at
Europe) (the manufacturer of the device with this behavior...) sended the
following info:

----------------------------------------------------------------
In RFC3261, Section 22.3 "Proxy-to-User Authentication", the spec states
that:

  "It is possible for multiple challenges associated with the same realm
   to appear in the same 401 (Unauthorized) or 407 (Proxy Authentication
   Required).  This can occur, for example, when multiple proxies within
   the same administrative domain, which use a common realm, are reached
   by a forking request.  When it retries a request, a UAC MAY therefore
   supply multiple credentials in Authorization or Proxy-Authorization
   header fields with the same "realm" parameter value.  The same
   credentials SHOULD be used for the same realm."

Although I doubt this has any advantage, it is not really forbidden. In
fact, most commercial proxies have no problems with multiple auth headers.
----------------------------------------------------------------

We have no problem with this, because we have a flag at the devices config
files to change this behavior, but I am personally interested
to understand if this is really a Asterisk bug, and If it'll be interesting
to change the asterisk sip messages authorization process, or it is not a
problem at all ???

Any way, I think that It will be interesting to add this info to the bug,
even if the bug is not reopened.

Any opinion related with this??? Is a bug??

Thanks in advance

Best regards...
-- 
Hasta otra!!!
   Eduardo Ferro Aldama
   Alea Soluciones

   http://www.alea-soluciones.com
   http://oss.alea-soluciones.com
   http://doc.alea-soluciones.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-dev/attachments/20100118/3683b9dd/attachment.htm

More information about the asterisk-dev mailing list