[OpenSIPS-Users] Authenticating CPL locations
Rick van Rein
rick at openfortress.nl
Tue Dec 4 17:26:46 CET 2012
Hello Bogdan,
> you mean openspis to do client auth when sending the call as a
> result of a "location" node ?
Yes indeed. I want to filter and forward domain-bound SIP services
and forward that. I'd like to keep it as general as possible, so
others can use it too.
> you can do that by using the uac_auth() from uac module (requires
> uac_auth module for credentials)
This is a single secret (or HA1) if I understand the small mod-doc.
Would work when forwarding to a single node under my control, but not
to permit users of a service to setup their own CPL scripts with
arbitrary forwarding and their _own_ passwords, without letting other
users benefit from those passwords too.
I suppose then, I would have to modify uac_auth to make it more
flexible, and donate back the code. I could try to do that.
Do stop me if I'm saying something stupid :)
> do you get a DTD validation error ? or how are the examples rejected ?
When I send it the first example in RFC 3880 I get
| 500 Bad CPL file
| Log:: Error: CPL script doesn't respect CPL grammar
|
This seems to be caused by an indent before <?xml...?>
because when I remove that indentation, I get
| 500 Bad CPL file
| Log:: Error: CPL script is not a valid XML document
|
Then, when I change the RFC-compliant text
<cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd ">
into the minimalistic form
<cpl>
It finally gets accepted with
| 200 OK
|
It may be due to the use of an XML Schema in the RFC and a DTD in
OpenSIPS...?
Thanks,
-Rick
More information about the Users
mailing list