[asterisk-security] [asterisk-dev] [Code Review] SIP: authenticate OPTIONS requests just like we would an INVITE
Olle E. Johansson
oej at edvina.net
Fri Aug 27 15:09:25 CDT 2010
27 aug 2010 kl. 21.24 skrev David Vossel:
> OPTIONS requests should be treated the same as an INVITE... which includes authentication. This patch adds the ability for incoming out of dialog OPTION requests to be authenticated before providing a response indicating whether an extension is available or not. The authentication routine works the exact same way as it does for incoming INVITEs. This means that if a peer has 'insecure=invite' in their peer definition, the same will be true for the processing of the OPTIONS request.
>
We should also add an SDP if possible... There are applications out there who "poke" the other end to find out codec support with OPTIONS.
Thanks for fixing this, it's been needed for a long time.
Now, since you add a lot of extra processing, which people who only use OPTIONS as a "ping" don't want, we should propably have a configuration option for this new behaviour to be backwards compatible. I suggest that option is off by default and your new behaviour is the default.
/O
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
More information about the asterisk-security
mailing list