[asterisk-security] [asterisk-dev] [Code Review] SIP: authenticate OPTIONS requests just like we would an INVITE
Russell Bryant
russell at digium.com
Thu Sep 2 11:03:54 CDT 2010
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/881/#review2658
-----------------------------------------------------------
Ship it!
/trunk/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/881/#comment5823>
Please make the default value a named constant
- Russell
On 2010-08-27 18:04:05, David Vossel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/881/
> -----------------------------------------------------------
>
> (Updated 2010-08-27 18:04:05)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> OPTIONS requests should be treated the same as an INVITE... which includes authentication. This patch adds the ability for incoming out of dialog OPTION requests to be authenticated before providing a response indicating whether an extension is available or not. The authentication routine works the exact same way as it does for incoming INVITEs. This means that if a peer has 'insecure=invite' in their peer definition, the same will be true for the processing of the OPTIONS request.
>
>
> Diffs
> -----
>
> /trunk/channels/chan_sip.c 284033
> /trunk/channels/sip/include/sip.h 284033
> /trunk/configs/sip.conf.sample 284033
>
> Diff: https://reviewboard.asterisk.org/r/881/diff
>
>
> Testing
> -------
>
> I have tested this through a variety of sipp scenarios in attempt to verify that the OPTIONS request is treated the exact same as an INVITE request in regards to authentication. I also tested this patch with Asterisk back to back verifying that qualify=yes still works as expected. Asterisk's implementation to qualify peers as reachable using OPTIONS request does not care if it gets a"401" or a "200" response.
>
>
> Thanks,
>
> David
>
>
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
More information about the asterisk-security
mailing list