[asterisk-security] [asterisk-dev] [Code Review] SIP: authenticate OPTIONS requests just like we would an INVITE

Russell Bryant russell at digium.com
Thu Sep 2 11:03:54 CDT 2010


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/881/#review2658
-----------------------------------------------------------

Ship it!



/trunk/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/881/#comment5823>

    Please make the default value a named constant


- Russell


On 2010-08-27 18:04:05, David Vossel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/881/
> -----------------------------------------------------------
> 
> (Updated 2010-08-27 18:04:05)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> OPTIONS requests should be treated the same as an INVITE... which includes authentication.  This patch adds the ability for incoming out of dialog OPTION requests to be authenticated before providing a response indicating whether an extension is available or not.  The authentication routine works the exact same way as it does for incoming INVITEs.  This means that if a peer has 'insecure=invite' in their peer definition, the same will be true for the processing of the OPTIONS request.
> 
> 
> Diffs
> -----
> 
>   /trunk/channels/chan_sip.c 284033 
>   /trunk/channels/sip/include/sip.h 284033 
>   /trunk/configs/sip.conf.sample 284033 
> 
> Diff: https://reviewboard.asterisk.org/r/881/diff
> 
> 
> Testing
> -------
> 
> I have tested this through a variety of sipp scenarios in attempt to verify that the OPTIONS request is treated the exact same as an INVITE request in regards to authentication.  I also tested this patch with Asterisk back to back verifying that qualify=yes still works as expected.  Asterisk's implementation to qualify peers as reachable using OPTIONS request does not care if it gets a"401" or a "200" response.
> 
> 
> Thanks,
> 
> David
> 
>


-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev



More information about the asterisk-security mailing list