1 Feb
2007
1 Feb
'07
3:12 p.m.
The section 3.2.1 (The WWW-Authenticate Response Header) from RFC 2617 says:
"algorithm
A string indicating a pair of algorithms used to produce the digest
and a checksum. If this is not present it is assumed to be "MD5".
"
I send a INVITE to Openser but it send back a 407 (Proxy Authentication).
The parameter response was OK. But, without the parameter 'algorithm', the proxy
didn't allow the authentication. It neither consult at Radius.
Looking at the RFC above, the SIP proxy must to use MD5 by default, but it
don't accept the message without the parameter. Who needs to assume the algorithm?
UAC or SIP Proxy?
Can it be a bug of OpenSER? Or my interpretation is wrong?
Best regards.
Bruno Machado
----- Mensagem original ----
De: Bogdan-Andrei Iancu <bogdan(a)voice-system.ro>
Para: Bruno Machado <bsmufu(a)yahoo.com.br>
Cc: users(a)openser.org
Enviadas: Segunda-feira, 29 de Janeiro de 2007 14:21:31
Assunto: Re: [Users] 407 and algorithm=MD5
Hi Bruno,
you cannot configure to have the algorithm param added. If I'm not
wrong, the digest RFC says this is an optional param and the default
value is MD5.
regards,
bogdan
Bruno Machado wrote:
Hi.
When I use the function proxy_challenge(), the 407 don't have the
parameter 'algorithm=MD5'. Look below:
...
Proxy-Authenticate: Digest realm="proxy.com.br",
nonce="45be00f941f137ff037436c77f80a9531a02155f".
...
How can I put this parameter in digest informations?
...
Proxy-Authenticate: Digest realm="proxy.com.br",
nonce="45be00f941f137ff037436c77f80a9531a02155f",
algorithm="MD5".
...
Thanks in advance.
Bruno
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
1 Feb
1 Feb
5:43 p.m.
Hi Bruno,
can you run the proxy in debug mode and post the output corresponding to
INVITE processing?
thanks and regards,
bogdan
Bruno Machado wrote:
The section 3.2.1 (The WWW-Authenticate Response
Header) from RFC 2617
says:
"algorithm
A string indicating a pair of algorithms used to produce the digest
and a checksum. If this is not present it is assumed to be "MD5".
"
I send a INVITE to Openser but it send back a 407 (Proxy Authentication).
The parameter response was OK. But, without the parameter 'algorithm', the proxy
didn't allow the authentication. It neither consult at Radius.
Looking at the RFC above, the SIP proxy must to use MD5 by default, but it
don't accept the message without the parameter. Who needs to assume the algorithm?
UAC or SIP Proxy?
Can it be a bug of OpenSER? Or my interpretation is
wrong?
Best regards.
Bruno Machado
----- Mensagem original ----
De: Bogdan-Andrei Iancu <bogdan(a)voice-system.ro>
Para: Bruno Machado <bsmufu(a)yahoo.com.br>
Cc: users(a)openser.org
Enviadas: Segunda-feira, 29 de Janeiro de 2007 14:21:31
Assunto: Re: [Users] 407 and algorithm=MD5
Hi Bruno,
you cannot configure to have the algorithm param added. If I'm not
wrong, the digest RFC says this is an optional param and the default
value is MD5.
regards,
bogdan
Bruno Machado wrote:
Hi.
When I use the function proxy_challenge(), the 407 don't have the
parameter 'algorithm=MD5'. Look below:
...
Proxy-Authenticate: Digest realm="proxy.com.br",
nonce="45be00f941f137ff037436c77f80a9531a02155f".
...
How can I put this parameter in digest informations?
...
Proxy-Authenticate: Digest realm="proxy.com.br",
nonce="45be00f941f137ff037436c77f80a9531a02155f",
algorithm="MD5".
...
Thanks in advance.
Bruno
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/ 
6:15 p.m.
New subject: [Users] 407 and algorithm=MD5
I don't really understand who fails to do what ... but in any case, if
MD5 is the default, neither openser proxy or the phone sending the
invite should complain for a missing algorithm=MD5 parameter ... both
should simply assume this value unless specified otherwise ... thus,
the phone, when re-sending the INV with the authentication material,
it should do so with MD5 algorithm ...
Cesc
On 2/1/07, Bruno Machado <bsmufu(a)yahoo.com.br> wrote:
The section 3.2.1 (The WWW-Authenticate Response Header) from RFC 2617 says:
"algorithm
A string indicating a pair of algorithms used to produce the digest
and a checksum. If this is not present it is assumed to be "MD5".
"
I send a INVITE to Openser but it send back a 407 (Proxy Authentication).
The parameter response was OK. But, without the parameter 'algorithm', the
proxy
didn't allow the authentication. It neither consult at Radius.
Looking at the RFC above, the SIP proxy must to use MD5 by default, but it
don't accept the message without the parameter. Who needs to assume the
algorithm?
UAC or SIP Proxy?
Can it be a bug of OpenSER? Or my interpretation is
wrong?
Best regards.
Bruno Machado
----- Mensagem original ----
De: Bogdan-Andrei Iancu <bogdan(a)voice-system.ro>
Para: Bruno Machado <bsmufu(a)yahoo.com.br>
Cc: users(a)openser.org
Enviadas: Segunda-feira, 29 de Janeiro de 2007 14:21:31
Assunto: Re: [Users] 407 and algorithm=MD5
Hi Bruno,
you cannot configure to have the algorithm param added. If I'm not
wrong, the digest RFC says this is an optional param and the default
value is MD5.
regards,
bogdan
Bruno Machado wrote:
Hi.
When I use the function proxy_challenge(), the 407 don't have the
parameter 'algorithm=MD5'. Look below:
...
Proxy-Authenticate: Digest realm="proxy.com.br",
nonce="45be00f941f137ff037436c77f80a9531a02155f".
...
How can I put this parameter in digest informations?
...
Proxy-Authenticate: Digest realm="proxy.com.br",
nonce="45be00f941f137ff037436c77f80a9531a02155f",
algorithm="MD5".
...
Thanks in advance.
Bruno
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
5 Feb
5 Feb
12:14 p.m.
New subject: [Users] 407 and algorithm=MD5
Hi Cesc,
actually this is the idea here. The key question is if both parties -
server and client- do use the default algorithm if non is explicitly set.
but this is not a problem from OpenSER point of view as it supports only
the MD5 algorithm :).
regards,
bogdan
Cesc wrote:
I don't really understand who fails to do what ...
but in any case, if
MD5 is the default, neither openser proxy or the phone sending the
invite should complain for a missing algorithm=MD5 parameter ... both
should simply assume this value unless specified otherwise ... thus,
the phone, when re-sending the INV with the authentication material,
it should do so with MD5 algorithm ...
Cesc
On 2/1/07, Bruno Machado <bsmufu(a)yahoo.com.br> wrote:
The section 3.2.1 (The WWW-Authenticate Response Header) from RFC
2617 says:
"algorithm
A string indicating a pair of algorithms used to produce the digest
and a checksum. If this is not present it is assumed to be "MD5".
"
I send a INVITE to Openser but it send back a 407 (Proxy
Authentication).
The parameter response was OK. But, without the parameter
'algorithm', the
proxy
didn't allow the authentication. It neither consult at Radius.
Looking at the RFC above, the SIP proxy must to use MD5 by default,
but it
don't accept the message without the parameter. Who needs to assume the
algorithm?
UAC or SIP Proxy?
Can it be a bug of OpenSER? Or my interpretation is
wrong?
Best regards.
Bruno Machado
----- Mensagem original ----
De: Bogdan-Andrei Iancu <bogdan(a)voice-system.ro>
Para: Bruno Machado <bsmufu(a)yahoo.com.br>
Cc: users(a)openser.org
Enviadas: Segunda-feira, 29 de Janeiro de 2007 14:21:31
Assunto: Re: [Users] 407 and algorithm=MD5
Hi Bruno,
you cannot configure to have the algorithm param added. If I'm not
wrong, the digest RFC says this is an optional param and the default
value is MD5.
regards,
bogdan
Bruno Machado wrote:
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
Hi.
When I use the function proxy_challenge(), the 407 don't have the
parameter 'algorithm=MD5'. Look below:
...
Proxy-Authenticate: Digest realm="proxy.com.br",
nonce="45be00f941f137ff037436c77f80a9531a02155f".
...
How can I put this parameter in digest informations?
...
Proxy-Authenticate: Digest realm="proxy.com.br",
nonce="45be00f941f137ff037436c77f80a9531a02155f",
algorithm="MD5".
...
Thanks in advance.
Bruno
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
6503
days inactive
6507
days old
3 comments
3 participants
participants (3)
-
Bogdan-Andrei Iancu -
Bruno Machado -
Cesc