Skip to content
Snippets Groups Projects
Commit 5b25c75d authored by Alexander Traud's avatar Alexander Traud Committed by Kevin Harwell
Browse files

chan_sip: On authentication, pick MD5 for sure.

RFC 8760 added new digest-access-authentication schemes. Testing
revealed that chan_sip does not pick MD5 if several schemes are offered
by the User Agent Server (UAS). This change does not implement any of
the new schemes like SHA-256. This change makes sure, MD5 is picked so
UAS with SHA-2 enabled, like the service www.linphone.org/freesip, can
still be used. This should have worked since day one because SIP/2.0
already envisioned several schemes (see RFC 3261 and its augmented BNF
for 'algorithm' which includes 'token' as third alternative; note: if
'algorithm' was not present, MD5 is still assumed even in RFC 7616).

Change-Id: I61ca0b1f74b5ec2b5f3062c2d661cafeaf597fcd
parent fb3b14ab
Branches
Tags
No related merge requests found
...@@ -23077,6 +23077,7 @@ static int reply_digest(struct sip_pvt *p, struct sip_request *req, char *header ...@@ -23077,6 +23077,7 @@ static int reply_digest(struct sip_pvt *p, struct sip_request *req, char *header
char tmp[512]; char tmp[512];
char *c; char *c;
char oldnonce[256]; char oldnonce[256];
int start = 0;
   
/* table of recognised keywords, and places where they should be copied */ /* table of recognised keywords, and places where they should be copied */
const struct x { const struct x {
...@@ -23091,9 +23092,11 @@ static int reply_digest(struct sip_pvt *p, struct sip_request *req, char *header ...@@ -23091,9 +23092,11 @@ static int reply_digest(struct sip_pvt *p, struct sip_request *req, char *header
{ NULL, 0 }, { NULL, 0 },
}; };
   
ast_copy_string(tmp, sip_get_header(req, header), sizeof(tmp)); do {
if (ast_strlen_zero(tmp)) ast_copy_string(tmp, __get_header(req, header, &start), sizeof(tmp));
return -1; if (ast_strlen_zero(tmp))
return -1;
} while (strcasestr(tmp, "algorithm=") && !strcasestr(tmp, "algorithm=MD5"));
if (strncasecmp(tmp, "Digest ", strlen("Digest "))) { if (strncasecmp(tmp, "Digest ", strlen("Digest "))) {
ast_log(LOG_WARNING, "missing Digest.\n"); ast_log(LOG_WARNING, "missing Digest.\n");
return -1; return -1;
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment