Hi,

Some more info on this: the challenge function allows you to specify a list of algorithms, not only one, so you can try "MD5,SHA-256" -> this will allow the client to pick the one it supports.

But in order to have this multi-algs working, be sure you do NOT set the "password_column" modparam (as the module will auto-detect which column to use, depending on the alg). Just keep the calculate_ha1 to 0.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/15/22 10:56 AM, jacky z wrote:
Correction on my comments. It is a client side issue. Thank you!

On Thu, Sep 15, 2022 at 3:40 PM jacky z <zjack0...@gmail.com> wrote:

    After checking the log in the client side, here are some
    interesting findings:

    Here is what the client side received:

    WWW-Authenticate: Digest realm="sip.domain.com",
    nonce="3mKlesEwotxnM5nLMMLgQA63E6VTKsTFpEkK7OkoE4QA",
    qop="auth,auth-int", algorithm=SHA-256

    Then the client side logs show:

    15:25:51.858       ...Unsupported digest algorithm "SHA-256"
    15:25:51.859      ....SIP registration error: Invalid/unsupported
    digest algorithm

    Firstly, if the server side did not include SHA-256 in the SIP
    message, there would be no such issue. I don't understand why it
    needs to inform the client side "SHA-256". Secondly, if the client
    side just simply ignored "SHA-256", there would be no such issue.
    However, the client side treated it as not supported.

    On Thu, Sep 15, 2022 at 3:16 PM jacky z <zjack0...@gmail.com> wrote:

        Hi Bogdan-Andrei,

        I tried either specifying it or not. Neither worked. Here is
        the script when I tried:

        www_challenge("","auth,auth-int","SHA-256");

        I also tried specifying the realm in the above code. When the
        above is used, there is no such error, but always returns 401.
        I checked the column ha1_sha256 and the hash of the password
        is correct.

        Thanks!

        On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu
        <bog...@opensips.org> wrote:

            Hi,

            In your opensips.cfg, when doing auth challenge to the end
            points, do you specify the SHA256 alg?

            https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge

            Regards,

            Bogdan-Andrei Iancu

            OpenSIPS Founder and Developer
               https://www.opensips-solutions.com
            OpenSIPS Summit 27-30 Sept 2022, Athens
               https://www.opensips.org/events/Summit-2022Athens/

            On 9/15/22 7:18 AM, jacky z wrote:
            Hi Team,

            Does ha1_sha256 work in general opensips config settings?
            I have the following in the scripts:

            modparam("auth_db", "calculate_ha1", 0)

            modparam("auth_db", "password_column", "ha1_sha256")


            but got the following error in the log:


            /usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1:
            Incorrect length of pre-hashed credentials for the
            algorithm "MD5": 32 expected, 64 provided


            It seems that although sha256 was specified, the server
            still calculated MD5 and compared it with the database
            column ha1_sha256.


            On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu
            <bog...@opensips.org> wrote:

                Hi Bela,

                The OCP does not support ha1_sha256 AFAIK. Consider
                opening a feature request here
                https://github.com/OpenSIPS/opensips-cp/issues

                Regards,

                Bogdan-Andrei Iancu

                OpenSIPS Founder and Developer
                   https://www.opensips-solutions.com
                OpenSIPS Summit 27-30 Sept 2022, Athens
                   https://www.opensips.org/events/Summit-2022Athens/

                On 6/29/22 9:10 AM, Bela H wrote:

                Hi all,

                Is there any way to add a new subscriber from OpenSIPS
                CP 9.3.2 using password mode ha1_sha256?

                The ha1 (MD5(username:realm:password)) works fine
                but I had no luck with the value generation for the
                ha1_sha256 field in “subscriber” table.

                I have this setting:

                modparam("auth_db", "calculate_ha1", 0)

                modparam("auth_db", "password_column", "ha1_sha256")

                Thanks!

                Bela




_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
