El Viernes, 25 de Abril de 2008, Ash Rah escribió:
Hi,
On initial INVITEs, both OpenSER and Asterisk send separate nonce and X-Lite then sends back two different digests in a single following INVITE :
Proxy-Authorization: Digest username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848 484@sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorit hm=MD5.
Proxy-Authorization: Digest username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f 977cae40a747d26f7e9c5f",uri="sip:6048484848484@sip.dummydomain.com",response ="361700cce632c00ff70ede5e5126c6ac",algo
The first one is for asterisk, (realm="asterisk") and the second one is for OpenSER. But unfortunately OpenSER probably examines the first digest which causes failed Proxy Authorization.
Is it possible to instruct OpenSER to inspect both of the digests before it makes a decision?
Yes, but you must specify it, try this:
if (!proxy_authorize("sip.dummydomain.com","subscriber")) { proxy_challenge("","0"); exit; }
Do you understand? if "proxy_authorize" has an empty first parameter then OpenSer tries to authenticate against a realm paramenter that the client sends in the first "Proxy-Authorization" header.
Anyway I've never tryed it so I'm not sure but hope theorically it should work XD
Regards.