Iñaki Baz Castillo schrieb:
El Viernes, 25 de Abril de 2008, Ash Rah escribió:
Hi,
On initial INVITEs, both OpenSER and Asterisk send separate nonce and X-Lite then sends back two different digests in a single following INVITE :
Proxy-Authorization: Digest username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848 484@sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorit hm=MD5.
Proxy-Authorization: Digest username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f 977cae40a747d26f7e9c5f",uri="sip:6048484848484@sip.dummydomain.com",response ="361700cce632c00ff70ede5e5126c6ac",algo
The first one is for asterisk, (realm="asterisk") and the second one is for OpenSER. But unfortunately OpenSER probably examines the first digest which causes failed Proxy Authorization.
Is it possible to instruct OpenSER to inspect both of the digests before it makes a decision?
Yes, but you must specify it, try this:
if (!proxy_authorize("sip.dummydomain.com","subscriber")) { proxy_challenge("","0"); exit; }
Do you understand? if "proxy_authorize" has an empty first parameter then OpenSer tries to authenticate against a realm paramenter that the client sends in the first "Proxy-Authorization" header.
Shouldn't the realm be derived from the To/From header?
regards klaus