Correction on my comments. It is a client side issue. Thank you! On Thu, Sep 15, 2022 at 3:40 PM jacky z <zjack0...@gmail.com> wrote:
> After checking the log in the client side, here are some interesting > findings: > > Here is the what the client side received: > > WWW-Authenticate: Digest realm="sip.domain.com", > nonce="3mKlesEwotxnM5nLMMLgQA63E6VTKsTFpEkK7OkoE4QA", qop="auth,auth-int", > algorithm=SHA-256 > > Then the client side logs show: > > 15:25:51.858 ...Unsupported digest algorithm "SHA-256" > 15:25:51.859 ....SIP registration error: Invalid/unsupported digest > algorithm > > Firstly, if the server side did not include SHA-256 in the SIP message, > there would be no such issue. I don't understand why it needs to inform the > client side "SHA-256". Secondly, if the client side just simply ignored > "SHA-256", there would be no such issue. However, the client side treated > it as not supported. > > On Thu, Sep 15, 2022 at 3:16 PM jacky z <zjack0...@gmail.com> wrote: > >> Hi Bogdan-Andrei, >> >> I tried either specifying it or not. Neither worked. Here is the script >> when I tried: >> >> www_challenge("","auth,auth-int","SHA-256"); >> >> I also tried specifying the realm in the above code. When the above is >> used, there is no such error, but always returns 401. I checked the column >> ha1_sha256 and the hash of the password is correct. >> >> Thanks! >> >> On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu <bog...@opensips.org> >> wrote: >> >>> Hi, >>> >>> In your opensips.cfg, when doing auth challenge to the end points, do >>> you specify the SHA256 alg? >>> >>> https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge >>> >>> Regards, >>> >>> Bogdan-Andrei Iancu >>> >>> OpenSIPS Founder and Developer >>> https://www.opensips-solutions.com >>> OpenSIPS Summit 27-30 Sept 2022, Athens >>> https://www.opensips.org/events/Summit-2022Athens/ >>> >>> On 9/15/22 7:18 AM, jacky z wrote: >>> >>> Hi Team, >>> >>> Does ha1_sha256 work in general opensips config settings? I have the >>> following in the scripts: >>> >>> modparam("auth_db", "calculate_ha1", 0) >>> >>> modparam("auth_db", "password_column", "ha1_sha256") >>> >>> >>> but got the following error in the log: >>> >>> >>> /usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of >>> pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided >>> >>> >>> It seems though the sha256 was specified, but the server still >>> calculated MD5 and compared with the database column ha1_sha256. >>> >>> On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu <bog...@opensips.org> >>> wrote: >>> >>>> Hi Bela, >>>> >>>> The OCP does not support ha1_sha256 AFAIK. Consider opening a feature >>>> request here https://github.com/OpenSIPS/opensips-cp/issues >>>> >>>> Regards, >>>> >>>> Bogdan-Andrei Iancu >>>> >>>> OpenSIPS Founder and Developer >>>> https://www.opensips-solutions.com >>>> OpenSIPS Summit 27-30 Sept 2022, Athens >>>> https://www.opensips.org/events/Summit-2022Athens/ >>>> >>>> On 6/29/22 9:10 AM, Bela H wrote: >>>> >>>> Hi all, >>>> >>>> >>>> >>>> Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using >>>> password mode ha1_sha256? >>>> >>>> The ha1 (MD5(username:realm:password)) works fine but I had no luck >>>> with the value generation for the ha1_sha256 field in “subscriber” table. >>>> >>>> >>>> >>>> I have this setting: >>>> >>>> modparam("auth_db", "calculate_ha1", 0) >>>> >>>> modparam("auth_db", "password_column", "ha1_sha256") >>>> >>>> >>>> >>>> Thanks! >>>> >>>> Bela >>>> >>>> >>>> >>>> >>>
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users