[Linphone-users] Some info about Digest Auth
From: Dermot McGahon
Subject: [Linphone-users] Some info about Digest Auth
Date: Fri, 21 Apr 2006 16:06:24 +0100
User-agent: Opera M2/8.54 (Linux, build 1745)

Hi Simon,

I've been looking into why Digest Auth isn't working when registering
to a Tadiran PABX, here's what I've found out so far.

RFC 2617 says that qop "SHOULD be used if the server indicated that qop
is supported by providing a qop directive in the WWW-Authenticate header
field". And that if qop is sent, cnonce and nonce-count MUST be sent with
it.

The PABX seems to be requiring auth with qop=auth and cnonce/nonce-count
returned.

It would probably be good practice nonetheless to include these in auth
responses?

jauth.c/eXosip_create_authorization_header() sets CNonce to NULL but does
pass Qop and NonceCount into the digest calculation.

DigestCalcResponse() has some code that used these for qop=auth-int, and
it looks wrong that it also applies this to qop=auth. But anyway, I don't
think any of that code is compiled in at present.

libosip seems to have enough support for adding qop/cnonce/nc to the
response header but I'm not sure how to go about choosing a valid value
for cnonce.

I'm not really sure how to proceed. What do others know about this?

Dermot.
--
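
The qop=auth calculation discussed in the message above, as an added example that is not part of the original post and is not eXosip or libosip code. The function names are hypothetical, the SIP values in the demo are constructed, and the cnonce is simply random hex, since RFC 2617 treats it as an opaque client-chosen string.

```python
import hashlib
import secrets


def _md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def make_cnonce(nbytes: int = 8) -> str:
    # RFC 2617 treats cnonce as an opaque client-chosen quoted string, so
    # fresh random hex per challenge is a valid value.
    return secrets.token_hex(nbytes)


def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None, body=b""):
    """request-digest per RFC 2617 section 3.2.2.1 (algorithm=MD5)."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}".encode())
    a2 = f"{method}:{uri}"
    if qop == "auth-int":
        # Only auth-int folds the hash of the message body into A2.
        a2 += ":" + _md5_hex(body)
    ha2 = _md5_hex(a2.encode())
    if qop is None:
        # Legacy RFC 2069 form: no nc or cnonce in the hash.
        return _md5_hex(f"{ha1}:{nonce}:{ha2}".encode())
    if qop not in ("auth", "auth-int"):
        raise ValueError(f"unsupported qop: {qop!r}")
    if not nc or not cnonce:
        raise ValueError("qop requires both nc and cnonce")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())


def authorization_header(user, realm, password, method, uri, nonce,
                         qop="auth", count=1, cnonce=None):
    nc = f"{count:08x}"  # nc-value is exactly 8 hex digits, sent unquoted
    cnonce = cnonce or make_cnonce()
    resp = digest_response(user, realm, password, method, uri, nonce,
                           qop=qop, nc=nc, cnonce=cnonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop={qop}, nc={nc}, cnonce="{cnonce}", '
            f'response="{resp}"')


if __name__ == "__main__":
    # Constructed SIP REGISTER values, for illustration only.
    print(authorization_header("alice", "pabx.example", "secret", "REGISTER",
                               "sip:pabx.example", "constructed-nonce"))
```

The count passed to `authorization_header` must increase with each request that reuses the same server nonce.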