I actually gave up trying to do this kind of check on routed messages. Why? Not all phones behave the same way and some had problems when authentication (digest) was required for messages other than INVITE.
For example, Kphone can resend an INV if challenged which contains the auth-data. On the other hand, if a kphone is the receiver of the INV, and it hangs up, kphone generates a BYE message which does NOT contain auth-data. Thus, ser will challenge the kphone back, kphone will reply with a CANCEL and resend the BYE without (again) the auth-data, entering an endless loop. Ain't it funny? By the way ... I notified this to kphone developers ... no news :(
I repeat, I tried other phones and it worked fine: minisip, polycom hardphone (has many other bugs ...), snom, ...
But I agree with Juha (and this makes it twice this afternoon) ... you should authenticate them as you would with any other message. Try using a phone which supports TLS and then you are good to go :)
Regards,
Cesc
Juha Heinanen jh@tutpro.com 05/03/05 11:58AM >>>
Klaus Darilion writes:
What would be a normal (out-of-dialog) check?
the same checks you do for initial requests that don't have Route header, i.e., check if domain of request uri is local, authenticate caller if local, etc.
-- juha
_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Unclassified
There's exactly the same problem with Windows Messenger 5.1, the BYE requests aren't authenticated... and so, SER doesn't remove the user location information in the mysql database. Not really "clean"..
----- Original Message -----
From: "Cesc Santasusana" cesc.santasusana@nl.thalesgroup.com
To: klaus.mailinglists@pernau.at; jh@tutpro.com
Cc: serusers@lists.iptel.org
Sent: Tuesday, May 03, 2005 3:49 PM
Subject: Re: [Serusers] Loose routing question
For example, Kphone can resend an INV if challenged which contains the auth-data. On the other hand, if a kphone is the receiver of the INV, and it hangs up, kphone generates a BYE message which does NOT contain auth-data. Thus, ser will challenge the kphone back, kphone will reply with a CANCEL and resend the BYE without (again) the auth-data, entering an endless loop. Ain't it funny? By the way ... I notified this to kphone developers ... no news :(