Reputation: 10095
Asterisk Digest Authentication for SIP INVITE gives "user mismatch" error
I am building a basic SIP UA. I am sending the following INVITE, as seen in Asterisk console (only headers relevant to authentication are shown):
INVITE sip:[email protected] SIP/2.0
From: "110"<sip:[email protected]>;tag=80859256
To: <sip:[email protected]>
Call-ID: 80859256
CSeq: 80859256 INVITE
Via: SIP/2.0/UDP 192.168.1.92:6000;branch=z9hG4bK-80859256
Contact: <sip:[email protected]>
In response, I get the following challenge:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.92:6000;branch=z9hG4bK- 80859256;received=127.0.0.1
From: "110"<sip:[email protected]>;tag=80859256
To: <sip:[email protected]>;tag=as25af7f49
Call-ID: 80859256
CSeq: 80859256 INVITE
Server: Asterisk PBX 13.7.2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="20e95772"
Content-Length: 0
I reply with the following:
ACK sip:[email protected] SIP/2.0
From: "110"<sip:[email protected]>;tag=80859256
To: <sip:[email protected]>;tag=as25af7f49
Call-ID: 80859256
CSeq: 80859256 ACK
Via: SIP/2.0/UDP 192.168.1.92:6000;rport;branch=z9hG4bK-80859256
Contact: <sip:[email protected]>
Content-Length: 0
INVITE sip:[email protected] SIP/2.0
From: "110"<sip:[email protected]>;tag=80859256
To: <sip:[email protected]>
Call-ID: 80859256
CSeq: 80859257 INVITE
Via: SIP/2.0/UDP 192.168.1.92:6000;rport;branch=z9hG4bK-80859257
Max-Forwards:5
Allow: REGISTER, INVITE, ACK, BYE, REFER, NOTIFY, CANCEL, INFO, OPTIONS, PRACK, SUBSCRIBE
Contact: <sip:[email protected]>
Authorization: Digest
username="110",realm="asterisk", nonce="20e95772",uri="sip:[email protected]",response="ed2de012b2255e85ddb0ee724b9a3ffd"
Session-Expires: 1800
Min-SE: 90
Content-Type: application/sdp
I have not included above the actual SDP sent with the invites. The password for extension 110 is 110 as defined in sip.conf.
QUESTION: I am getting this error:
WARNING...: chan_sip.c:16702 check_auth: username mismatch, have <110>, digest has <>
NOTICE...: chan_sip.c:25603 handle_request_invite: Failed to authenticate device "110"<sip:[email protected]>;tag=76981187
This is followed by a "SIP/2.0 403 Forbidden" message.
I do not believe that my digest calculation as sent in the second INVITE is wrong.
What needs to be changed? I have spent a lot of time in debugging this... Any help would be HIGHLY appreciated.
Upvotes: 1
Views: 4249
Answers (1)
Reputation: 733
The username in the response is being parsed by Asterisk as empty because the Authorization header field ends after the CR+LF between the words "Digest" and "username". In order for a header field to be continued on a new line, the line needs to start with whitespace; from RFC3261:
Header fields can be extended over multiple lines by preceding each extra line with at least
one SP or horizontal tab (HT). The line break and the whitespace at the beginning of the
next line are treated as a single SP character.
Either removing the CR+LF, or inserting whitespace at the beginning of the new line should correct the problem.
Upvotes: 1
Related Questions
- Explaination of 180 ringing message in sip
- Showing errors in kamailio syslogs for Register messages
- How to implement SIP packages in C#
- How to get the data returned in sip debugging on asterisk?
- Error 488 Not acceptable here
- How to configure asterisk instant messaging to work with linphone?
- Mobicents - RestComm Issue
- is SDP sendonly means to open one RTP Audio stream in this case?