From d7cb7490b58120390e82f082593114af37d2b78a Mon Sep 17 00:00:00 2001
From: "wenpeng.song" <wenpeng.song@iopsys.eu>
Date: Wed, 23 Apr 2025 11:50:21 +0200
Subject: [PATCH] add security_verify to subsequent request with cached
 authorization

---
 res/res_pjsip_outbound_registration.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/res/res_pjsip_outbound_registration.c b/res/res_pjsip_outbound_registration.c
index 8e5d01a41a..194c7409fe 100644
--- a/res/res_pjsip_outbound_registration.c
+++ b/res/res_pjsip_outbound_registration.c
@@ -499,6 +499,7 @@ struct sip_outbound_registration_client_state {
 	unsigned int destroy:1;
 	/*! \brief Non-zero if we have attempted sending a REGISTER with authentication */
 	unsigned int auth_attempted:1;
+	unsigned int cached_security_verify:1;
 	/*! \brief Status code of last response if we have tried to register before */
 	int last_status_code;
 	/*! \brief The name of the transport to be used for the registration */
@@ -758,7 +759,7 @@ static void add_security_headers(struct sip_outbound_registration_client_state *
 	if (!contact_status && AST_VECTOR_SIZE(&client_state->server_security_mechanisms)) {
 		sec_mechs = &client_state->server_security_mechanisms;
 	}
-	if (client_state->status == SIP_REGISTRATION_REJECTED_TEMPORARY || client_state->auth_attempted) {
+	if (client_state->status == SIP_REGISTRATION_REJECTED_TEMPORARY || client_state->auth_attempted || client_state->cached_security_verify ) {
 		if (sec_mechs != NULL && pjsip_msg_find_hdr_by_name(tdata->msg, &security_verify, NULL) == NULL) {
 			ast_sip_add_security_headers(sec_mechs, "Security-Verify", 0, tdata);
 		}
@@ -1968,10 +1969,15 @@ static int handle_registration_response(void *data)
 	}
 
 	client_state->auth_attempted = 0;
+	client_state->cached_security_verify = 0;
 
 	if (PJSIP_IS_STATUS_IN_CLASS(response->code, 200)) {
 		struct ast_sip_endpoint *endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", client_state->registration_name);
-
+		static const pj_str_t security_verify = { "Security-Verify", 15 };
+		if(response->old_request && pjsip_msg_find_hdr_by_name(response->old_request->msg, &security_verify, NULL) && pjsip_msg_find_hdr_by_name(response->old_request->msg, PJSIP_H_AUTHORIZATION, NULL)){
+			client_state->cached_security_verify = 1;
+			ast_debug(8, "Outbound registration request success with Security-Verify, and Authorization.\n");
+		}
 		/* Check if this is in regards to registering or unregistering
 		 * Retrieve the requested expiration if possible,
 		 * and check it combined with the received expiration to identify if it is reg or un-reg
-- 
GitLab