The sip-implementors list at
Columbia.edu would be more appropriate for
this question.
Why not look in ser auth module code?
And yes, the algorithm is the same as http digest.
g-)
Holger Kinkelin wrote:
Hello list!
I wonder how a UAC calculates the response to a 401 "Unauthorized"
message from a server.
I know that it works much like http digest authentication, but it's
not exactely the same, since I do NOT have the Quality of Protection
(qop) value. (Or am I wrong? My assumption is based on the fact that I
don't see a qop-value in the REGISTER message my kphone sends after
the 401)
I've written some piece of code that is (in pseudo code) like that:
HA1 = md5(username + ":" + realm + ":" + password)
HA2 = md5(digestURI)
response = md5(HA1 + ":" + nonce + ":" + recCounter + ":" +
cNonce +
":" + qualOfProt + ":" + HA2)
username = "1000"
realm = "192.168.0.31"
password = "1000"
digestURI = "sip:192.168.0.31" <--- IS THIS CORRECT?? Or is it s.th
like "REGISTER sip: ..."?
nonce = "4520e111333a24d8c4f3d20c6171cc37dfa2be33"
recCounter = "00000001"
cNonce = "abcdefghi"
qualOfProt IS MISSING!
I know that my code is working for "normal" http digest authentication
but not for "sip digest authentication". So what am I doing wrong?
Thanks for replies in advance!
Regards,
Holger
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers