Hi!
Do you have the domain hardcoded in the authenticate function? If not openser tries to detect it from the from header (anonymous.invalid) and thus may not find the authorization header.
regards klaus
IƱaki Baz Castillo schrieb:
Hi, when I do a call with hiddn callerid from my Twinkle it sends an INVITE with:
INVITE sip:1414@my_domain.net SIP/2.0 From: "Anonymous" sip:anonymous@anonymous.invalid;tag=emirn Privacy: id P-Preferred-Identity: "IBC" sip:ibc@my_domain.net
and of course my Openser asks Twinkle for authentication:
SIP/2.0 407 Proxy Authentication Required Proxy-Authenticate: Digest realm="my_domain.net", nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e", qop="auth"
and I see the $rc code of "proxy-authentication()" is -4 (no credentials).
So my Twinkle sends a correct INVITE (CSeq + 1 and "Proxy-Authorization" header):
INVITE sip:1414@my_domain.net SIP/2.0 From: "Anonymous" sip:anonymous@anonymous.invalid;tag=emirn Privacy: id P-Preferred-Identity: "IBC" sip:ibc@my_domain.net Proxy-Authorization: Digest username="ibc", realm="mt_domain.net", nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e", uri="sip:1414@my_domain.net", response="061d82967778669a01e53d168f2da93b", algorithm=MD5, cnonce="9n7ln49l46", qop=auth, nc=00000001
But "proxy-authentication()" replies again with -4 (no credentials).
SIP/2.0 407 Proxy Authentication Required Proxy-Authenticate: Digest realm="my_domain.net", nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e", qop="auth"
Why? Obviously the INVITE **does include** Proxy-Authorization. Maybe RC3261 says that a server must not challenge for authentication a user with From "Anonymous" sip:anonymous@anonymous.invalid ?
Of course authentication works properly when not hidding callerid.
Thanks for any explanation.