Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SIP digest auth: Improve handling for multiple digest challenges
Before this patch, OpenSIPS would always work with the digest credentials of the 1st WWW/Proxy-Authenticate header field. While RFC 3261 does not define the behavior with multiple WWW/Proxy-Authenticate headers, in § 22.3 it is stated that: Note that if an authentication scheme that does not support realms is used in the Proxy-Authorization header field, a proxy server MUST attempt to parse all Proxy-Authorization header field values to determine whether one of them has what the proxy server considers to be valid credentials. ... so a proxy must _walk_ through unacceptable headers until it finds one with "valid" credentials. In the context of the upcoming RFC 8760, this would also mean: finding an auth header field with an MD5 digest algorithm, which is the only one currently supported. TL;DR: this patch improves the "uac", "uac_registrant" and "b2b_entities" modules so they correctly process 3 WWW-Authenticate headers with the following algorithm preference: algorithm=SHA-512-256 algorithm=SHA-256 algorithm=MD5 ... and correctly build an MD5-based response for the 3rd header field. Issue discovered during OpenSIPIt 2020
- Loading branch information
1 parent
6a559d5
commit 27d5862
Showing
6 changed files
with
73 additions
and
47 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters