The section 3.2.1 (The WWW-Authenticate Response Header) from RFC 2617 says:
"algorithm A string indicating a pair of algorithms used to produce the digest and a checksum. If this is not present it is assumed to be "MD5". "
I send a INVITE to Openser but it send back a 407 (Proxy Authentication). The parameter response was OK. But, without the parameter 'algorithm', the proxy didn't allow the authentication. It neither consult at Radius. Looking at the RFC above, the SIP proxy must to use MD5 by default, but it don't accept the message without the parameter. Who needs to assume the algorithm? UAC or SIP Proxy?
Can it be a bug of OpenSER? Or my interpretation is wrong?
Best regards.
Bruno Machado
----- Mensagem original ---- De: Bogdan-Andrei Iancu bogdan@voice-system.ro Para: Bruno Machado bsmufu@yahoo.com.br Cc: users@openser.org Enviadas: Segunda-feira, 29 de Janeiro de 2007 14:21:31 Assunto: Re: [Users] 407 and algorithm=MD5
Hi Bruno,
you cannot configure to have the algorithm param added. If I'm not wrong, the digest RFC says this is an optional param and the default value is MD5.
regards, bogdan
Bruno Machado wrote:
Hi.
When I use the function proxy_challenge(), the 407 don't have the parameter 'algorithm=MD5'. Look below:
... Proxy-Authenticate: Digest realm="proxy.com.br", nonce="45be00f941f137ff037436c77f80a9531a02155f". ...
How can I put this parameter in digest informations?
... Proxy-Authenticate: Digest realm="proxy.com.br", nonce="45be00f941f137ff037436c77f80a9531a02155f", algorithm="MD5". ...
Thanks in advance.
Bruno
Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
__________________________________________________ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
Hi Bruno,
can you run the proxy in debug mode and post the output corresponding to INVITE processing?
thanks and regards, bogdan
Bruno Machado wrote:
The section 3.2.1 (The WWW-Authenticate Response Header) from RFC 2617 says:
"algorithm A string indicating a pair of algorithms used to produce the digest and a checksum. If this is not present it is assumed to be "MD5". "
I send a INVITE to Openser but it send back a 407 (Proxy Authentication). The parameter response was OK. But, without the parameter 'algorithm', the proxy didn't allow the authentication. It neither consult at Radius. Looking at the RFC above, the SIP proxy must to use MD5 by default, but it don't accept the message without the parameter. Who needs to assume the algorithm? UAC or SIP Proxy?
Can it be a bug of OpenSER? Or my interpretation is wrong?
Best regards.
Bruno Machado
----- Mensagem original ---- De: Bogdan-Andrei Iancu bogdan@voice-system.ro Para: Bruno Machado bsmufu@yahoo.com.br Cc: users@openser.org Enviadas: Segunda-feira, 29 de Janeiro de 2007 14:21:31 Assunto: Re: [Users] 407 and algorithm=MD5
Hi Bruno,
you cannot configure to have the algorithm param added. If I'm not wrong, the digest RFC says this is an optional param and the default value is MD5.
regards, bogdan
Bruno Machado wrote:
Hi.
When I use the function proxy_challenge(), the 407 don't have the parameter 'algorithm=MD5'. Look below:
... Proxy-Authenticate: Digest realm="proxy.com.br", nonce="45be00f941f137ff037436c77f80a9531a02155f". ...
How can I put this parameter in digest informations?
... Proxy-Authenticate: Digest realm="proxy.com.br", nonce="45be00f941f137ff037436c77f80a9531a02155f", algorithm="MD5". ...
Thanks in advance.
Bruno
Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
I don't really understand who fails to do what ... but in any case, if MD5 is the default, neither openser proxy or the phone sending the invite should complain for a missing algorithm=MD5 parameter ... both should simply assume this value unless specified otherwise ... thus, the phone, when re-sending the INV with the authentication material, it should do so with MD5 algorithm ...
Cesc
On 2/1/07, Bruno Machado bsmufu@yahoo.com.br wrote:
The section 3.2.1 (The WWW-Authenticate Response Header) from RFC 2617 says:
"algorithm A string indicating a pair of algorithms used to produce the digest and a checksum. If this is not present it is assumed to be "MD5". "
I send a INVITE to Openser but it send back a 407 (Proxy Authentication). The parameter response was OK. But, without the parameter 'algorithm', the proxy didn't allow the authentication. It neither consult at Radius. Looking at the RFC above, the SIP proxy must to use MD5 by default, but it don't accept the message without the parameter. Who needs to assume the algorithm? UAC or SIP Proxy?
Can it be a bug of OpenSER? Or my interpretation is wrong?
Best regards.
Bruno Machado
----- Mensagem original ---- De: Bogdan-Andrei Iancu bogdan@voice-system.ro Para: Bruno Machado bsmufu@yahoo.com.br Cc: users@openser.org Enviadas: Segunda-feira, 29 de Janeiro de 2007 14:21:31 Assunto: Re: [Users] 407 and algorithm=MD5
Hi Bruno,
you cannot configure to have the algorithm param added. If I'm not wrong, the digest RFC says this is an optional param and the default value is MD5.
regards, bogdan
Bruno Machado wrote:
Hi.
When I use the function proxy_challenge(), the 407 don't have the parameter 'algorithm=MD5'. Look below:
... Proxy-Authenticate: Digest realm="proxy.com.br", nonce="45be00f941f137ff037436c77f80a9531a02155f". ...
How can I put this parameter in digest informations?
... Proxy-Authenticate: Digest realm="proxy.com.br", nonce="45be00f941f137ff037436c77f80a9531a02155f", algorithm="MD5". ...
Thanks in advance.
Bruno
Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi Cesc,
actually this is the idea here. The key question is if both parties - server and client- do use the default algorithm if non is explicitly set.
but this is not a problem from OpenSER point of view as it supports only the MD5 algorithm :).
regards, bogdan
Cesc wrote:
I don't really understand who fails to do what ... but in any case, if MD5 is the default, neither openser proxy or the phone sending the invite should complain for a missing algorithm=MD5 parameter ... both should simply assume this value unless specified otherwise ... thus, the phone, when re-sending the INV with the authentication material, it should do so with MD5 algorithm ...
Cesc
On 2/1/07, Bruno Machado bsmufu@yahoo.com.br wrote:
The section 3.2.1 (The WWW-Authenticate Response Header) from RFC 2617 says:
"algorithm A string indicating a pair of algorithms used to produce the digest and a checksum. If this is not present it is assumed to be "MD5". "
I send a INVITE to Openser but it send back a 407 (Proxy Authentication). The parameter response was OK. But, without the parameter 'algorithm', the proxy didn't allow the authentication. It neither consult at Radius. Looking at the RFC above, the SIP proxy must to use MD5 by default, but it don't accept the message without the parameter. Who needs to assume the algorithm? UAC or SIP Proxy?
Can it be a bug of OpenSER? Or my interpretation is wrong?
Best regards.
Bruno Machado
----- Mensagem original ---- De: Bogdan-Andrei Iancu bogdan@voice-system.ro Para: Bruno Machado bsmufu@yahoo.com.br Cc: users@openser.org Enviadas: Segunda-feira, 29 de Janeiro de 2007 14:21:31 Assunto: Re: [Users] 407 and algorithm=MD5
Hi Bruno,
you cannot configure to have the algorithm param added. If I'm not wrong, the digest RFC says this is an optional param and the default value is MD5.
regards, bogdan
Bruno Machado wrote:
Hi.
When I use the function proxy_challenge(), the 407 don't have the parameter 'algorithm=MD5'. Look below:
... Proxy-Authenticate: Digest realm="proxy.com.br", nonce="45be00f941f137ff037436c77f80a9531a02155f". ...
How can I put this parameter in digest informations?
... Proxy-Authenticate: Digest realm="proxy.com.br", nonce="45be00f941f137ff037436c77f80a9531a02155f", algorithm="MD5". ...
Thanks in advance.
Bruno
Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users