[asterisk-users] Initial REGISTER Request: Contains Credentials before 401
Matthew J. Roth
mroth at imminc.com
Wed May 15 12:28:11 CDT 2013
Brian LaVallee wrote:
>
> My SIP provider is not happy that credentials (in the Authorization header
> field) are provided in the initial REGISTER request.
>
> The SIP provider ONLY wants the credentials AFTER rejecting the message with
> a 401.
>
> I know it's dumb, because the RFC says that the the initial REGISTER message
> MAY include credentials. If it fails, the proper authentication method is
> included in the 401. I know there is nothing wrong, it is how SIP is
> supposed to work.
Who is your SIP provider? They need to be called out so that other Asterisk
users can avoid them. This tendency to flip the customer/vendor relationship on
its head must be discouraged.
> However I would like to keep my SIP provider from complaining.
The only thing they should complain about is if you don't pay your bill on time.
> Asterisk is "NOT SUPPORTED" by the SIP provider.
The REGISTER request was successful so, at least from a practical standpoint,
the provider does support Asterisk. It would be ideal if all providers
officially supported Asterisk, but this is just one example of how it's not
worth trying to please everyone.
> Does anyone in the Asterisk community know how to avoid sending the
> credentials until AFTER receiving a 401?
Edit the source. I'm sorry to be blunt, but I really can't see the developers
adding another option to "sip.conf" just to satisfy such a pointless request.
> Any suggestions would be appreciated!
Ask the provider what platforms are "supported". Pick one of them and use it to
configure the "useragent" and "sdpsession" options in "sip.conf". Or look for
another provider that doesn't waste your time complaining about RFC-compliant
behavior.
Regards,
Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
More information about the asterisk-users
mailing list