capitalization of MD5 in WWW-Authenticate, and linphone's approach

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

capitalization of MD5 in WWW-Authenticate, and linphone's approach

Greg Troxel
I am setting up and Asterisk PBX and trying to register some softphones.
I'm using "auth_type=userpass" in Asterisk which results in MD5 digest.

Asterisk is sending

  WWW-Authenticate: Digest realm="asterisk",nonce="1574785341/<hexdigits>",opaque="<hexdigits>",algorithm=md5,qop="auth"

which I think is not quite right as MD5 should be upper case.  But it
seems surprising that Asterisk would have such a bug, leading me to
think I am missing something.

With Mac linphone desktop, registration succeeds normally (401 and then
a new REGISTER with authentication).

With Android linphone 4.1.1 (from f-droid), linphone does not respond to
the challenge.

If I disable authentication in Asterisk, Android linphone registers
fine.

With baresip-studio, I am able to register when authentication is
required.  (I am pretty sure that this used to fail, but perhaps I
mentioned this to the author.)

So:

  Am I correct that "algorithm=md5" is wrong?   Or are these strings
  defined not to be case sensitive?

  It seems that Android linphone should treat it as MD5, as the desktop
  client seems to.

It seems this came up already and was fixed, but is perhaps broken again:

  https://github.com/BelledonneCommunications/linphone-android/issues/216



Thanks,
Greg


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: capitalization of MD5 in WWW-Authenticate, and linphone's approach

Greg Troxel
Greg Troxel <[hidden email]> writes:

> I am setting up and Asterisk PBX and trying to register some softphones.
> I'm using "auth_type=userpass" in Asterisk which results in MD5 digest.
>
> Asterisk is sending
>
>   WWW-Authenticate: Digest realm="asterisk",nonce="1574785341/<hexdigits>",opaque="<hexdigits>",algorithm=md5,qop="auth"
>
> which I think is not quite right as MD5 should be upper case.  But it
> seems surprising that Asterisk would have such a bug, leading me to
> think I am missing something.

Update: I modified asterisk to send MD5, and verified that with tcpdump.
linphone is still not responding to the challenge.  I know it's time to
fire up adb and will, but

Is anyone successfully using linphone android (esp. 4.1.1 from f-droid)
with asterisk (16)?

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users