[Home]

Summary:ASTERISK-30032: Support of mediasec SIP headers and SDP attributes
Reporter:Maximilian Fridrich (mfridrich)Labels:
Date Opened:2022-04-27 04:28:44Date Closed:2022-10-03 07:31:24
Priority:MinorRegression?No
Status:Closed/CompleteComponents:Resources/res_pjsip
Versions:18.11.0 Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:Some SIP UAs require the "mediasec" header field parameter in the SIP Security headers and the "3ge2ae" attribute in SDP to allow secure communication. These fields are not specified in any RFC but they are defined in the [3GPP specification 24.229|https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1055] (specifically sections 7.2A.7 and 6.1).

In particular, the SIP headers "Security-Client", "Security-Server", and "Security-Verify" must be supported. Asterisk endpoints and outbound registrations must configurable to set these security mechanisms.

Some large telecommunication providers require these fields, so it would be desirable to make Asterisk compatible with them and/or switch them on through configuration options (in pjsip). There are patchsets out there that implement this behavior (to some extent) in res_pjsip (see mailing list).
Comments:By: Asterisk Team (asteriskteam) 2022-04-27 04:28:45.160-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/].

By: Joshua C. Colp (jcolp) 2022-04-27 04:32:51.898-0500

Features requests without patches are not accepted through the issue tracker. Features requests are openly discussed on the mailing lists, forums, and IRC [1]. Please see the Asterisk Issue Guidelines [2] for more information on feature request and patch submission.

[1] http://asterisk.org/community/discuss
[2] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines

Additionally we can not take the patch from the mailing list and just include it. It is not licensed for inclusion into Asterisk.

If this is a project you would like to take on yourself (and not merely put a third party patch up for review) then this issue can be reopened.

By: Maximilian Fridrich (mfridrich) 2022-04-27 04:38:18.166-0500

Yes, I am currently working on this. I thought I needed an Asterisk issue to refer to for patch submission. I will use the mailing list for further discussions on the topic.

By: Asterisk Team (asteriskteam) 2022-04-27 04:38:18.377-0500

This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable.

By: Joshua C. Colp (jcolp) 2022-04-27 04:39:31.181-0500

You did not originally state you were working on this, or were planning to contribute a patch thus my response. I will leave this open.

By: Friendly Automation (friendly-automation) 2022-10-03 07:31:27.023-0500

Change 19388 merged by Friendly Automation:
res_pjsip: Add mediasec capabilities.

[https://gerrit.asterisk.org/c/asterisk/+/19388|https://gerrit.asterisk.org/c/asterisk/+/19388]

By: Friendly Automation (friendly-automation) 2022-10-03 07:31:51.874-0500

Change 18837 merged by Friendly Automation:
res_pjsip: Add mediasec capabilities.

[https://gerrit.asterisk.org/c/asterisk/+/18837|https://gerrit.asterisk.org/c/asterisk/+/18837]

By: Friendly Automation (friendly-automation) 2022-10-03 08:00:24.094-0500

Change 19387 merged by George Joseph:
res_pjsip: Add mediasec capabilities.

[https://gerrit.asterisk.org/c/asterisk/+/19387|https://gerrit.asterisk.org/c/asterisk/+/19387]

By: Friendly Automation (friendly-automation) 2022-10-03 08:00:55.341-0500

Change 19389 merged by George Joseph:
res_pjsip: Add mediasec capabilities.

[https://gerrit.asterisk.org/c/asterisk/+/19389|https://gerrit.asterisk.org/c/asterisk/+/19389]

By: Friendly Automation (friendly-automation) 2022-10-03 08:01:26.073-0500

Change 19370 merged by George Joseph:
res_pjsip: Add mediasec capabilities.

[https://gerrit.asterisk.org/c/asterisk/+/19370|https://gerrit.asterisk.org/c/asterisk/+/19370]