问题
I am building a basic SIP UA. I am sending the following INVITE, as seen in Asterisk console (only headers relevant to authentication are shown):
INVITE sip:104@192.168.1.92 SIP/2.0
From: "110"<sip:110@192.168.1.92>;tag=80859256
To: <sip:104@192.168.1.92>
Call-ID: 80859256
CSeq: 80859256 INVITE
Via: SIP/2.0/UDP 192.168.1.92:6000;branch=z9hG4bK-80859256
Contact: <sip:110@192.168.1.92>
In response, I get the following challenge:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.92:6000;branch=z9hG4bK- 80859256;received=127.0.0.1
From: "110"<sip:110@192.168.1.92>;tag=80859256
To: <sip:104@192.168.1.92>;tag=as25af7f49
Call-ID: 80859256
CSeq: 80859256 INVITE
Server: Asterisk PBX 13.7.2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="20e95772"
Content-Length: 0
I reply with the following:
ACK sip:104@192.168.1.92 SIP/2.0
From: "110"<sip:110@192.168.1.92>;tag=80859256
To: <sip:104@192.168.1.92>;tag=as25af7f49
Call-ID: 80859256
CSeq: 80859256 ACK
Via: SIP/2.0/UDP 192.168.1.92:6000;rport;branch=z9hG4bK-80859256
Contact: <sip:110@192.168.1.92>
Content-Length: 0
INVITE sip:104@192.168.1.92 SIP/2.0
From: "110"<sip:110@192.168.1.92>;tag=80859256
To: <sip:104@192.168.1.92>
Call-ID: 80859256
CSeq: 80859257 INVITE
Via: SIP/2.0/UDP 192.168.1.92:6000;rport;branch=z9hG4bK-80859257
Max-Forwards:5
Allow: REGISTER, INVITE, ACK, BYE, REFER, NOTIFY, CANCEL, INFO, OPTIONS, PRACK, SUBSCRIBE
Contact: <sip:110@192.168.1.92>
Authorization: Digest
username="110",realm="asterisk", nonce="20e95772",uri="sip:104@192.168.1.92",response="ed2de012b2255e85ddb0ee724b9a3ffd"
Session-Expires: 1800
Min-SE: 90
Content-Type: application/sdp
I have not included above the actual SDP sent with the invites. The password for extension 110 is 110 as defined in sip.conf.
QUESTION: I am getting this error:
WARNING...: chan_sip.c:16702 check_auth: username mismatch, have <110>, digest has <>
NOTICE...: chan_sip.c:25603 handle_request_invite: Failed to authenticate device "110"<sip:110@192.168.1.92>;tag=76981187
This is followed by a "SIP/2.0 403 Forbidden" message.
I do not believe that my digest calculation as sent in the second INVITE is wrong.
What needs to be changed? I have spent a lot of time in debugging this... Any help would be HIGHLY appreciated.
回答1:
The username in the response is being parsed by Asterisk as empty because the Authorization header field ends after the CR+LF between the words "Digest" and "username". In order for a header field to be continued on a new line, the line needs to start with whitespace; from RFC3261:
Header fields can be extended over multiple lines by preceding each extra line with at least
one SP or horizontal tab (HT). The line break and the whitespace at the beginning of the
next line are treated as a single SP character.
Either removing the CR+LF, or inserting whitespace at the beginning of the new line should correct the problem.
来源:https://stackoverflow.com/questions/36998787/asterisk-digest-authentication-for-sip-invite-gives-user-mismatch-error