我试图使用pjsip库运行这个示例C++应用程序,但当我运行该应用程序时,我遇到了以下错误:
06:56:50.480 sip_auth_client.c ...Unsupported digest algorithm "SHA-256"
06:56:50.480 pjsua_acc.c ....SIP registration error: Invalid/unsupported digest algorithm (PJSIP_EINVALIDALGORITHM) [status=171102]
但是,当我检查来自服务器的SIP响应时,我注意到它包含两个WWW-Authenticate头:
WWW-Authenticate: Digest realm="sip.linphone.org", nonce="ImEX4gAAAAC73QlWAAC9corBNkwAAAAA", opaque="+GNywA==", algorithm=SHA-256, qop="auth"
WWW-Authenticate: Digest realm="sip.linphone.org", nonce="ImEX4gAAAAC73QlWAAC9corBNkwAAAAA", opaque="+GNywA==", algorithm=MD5, qop="auth"
所以问题是,如果pjsip不支持sha-256算法,为什么不使用第二个标题中提到的md5算法?
示例代码为:
#include <pjsua2.hpp>
#include <iostream>
using namespace pj;
// Subclass to extend the Account and get notifications etc.
class MyAccount : public Account {
public:
virtual void onRegState(OnRegStateParam &prm) {
AccountInfo ai = getInfo();
std::cout << (ai.regIsActive? "*** Register:" : "*** Unregister:")
<< " code=" << prm.code << std::endl;
}
};
int main()
{
Endpoint ep;
ep.libCreate();
// Initialize endpoint
EpConfig ep_cfg;
ep.libInit( ep_cfg );
// Create SIP transport. Error handling sample is shown
TransportConfig tcfg;
tcfg.port = 5060;
try {
ep.transportCreate(PJSIP_TRANSPORT_UDP, tcfg);
} catch (Error &err) {
std::cout << err.info() << std::endl;
return 1;
}
// Start the library (worker threads etc)
ep.libStart();
std::cout << "*** PJSUA2 STARTED ***" << std::endl;
// Configure an AccountConfig
AccountConfig acfg;
acfg.idUri = "sip:test@pjsip.org";
acfg.regConfig.registrarUri = "sip:pjsip.org";
AuthCredInfo cred("digest", "*", "test", 0, "secret");
acfg.sipConfig.authCreds.push_back( cred );
// Create the account
MyAccount *acc = new MyAccount;
acc->create(acfg);
// Here we don't have anything else to do..
pj_thread_sleep(10000);
// Delete the account. This will unregister from server
delete acc;
// This will implicitly shutdown the library
return 0;
}
我自己也在努力解决这个问题。显然,PJSIP只评估第一个WWW-Authenticate头,即使服务器提供了多个。
为了克服这个问题,我在源代码中更改了以下内容:
在文件/pjsip/src/pjsip/sip_auth_client.c中找到生成WWW-Authenticate标头响应的代码块。它应该在1220线附近。
/* Create authorization header for this challenge, and update
* authorization session.
*/
status = process_auth(tdata->pool, hchal, tdata->msg->line.req.uri,
tdata, sess, cached_auth, &hauth);
if (status != PJ_SUCCESS)
return status;
if (pj_pool_get_used_size(cached_auth->pool) >
PJSIP_AUTH_CACHED_POOL_MAX_SIZE)
{
recreate_cached_auth_pool(sess->endpt, cached_auth);
}
/* Add to the message. */
pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr*)hauth);
/* Process next header. */
hdr = hdr->next;
并将其替换为
/* Create authorization header for this challenge, and update
* authorization session.
*/
status = process_auth(tdata->pool, hchal, tdata->msg->line.req.uri,
tdata, sess, cached_auth, &hauth);
if (status != PJ_SUCCESS){
// Previously, pjsip analysed one www-auth header, and if it failed (due to unsupported sha-256 digest for example), it returned and did not consider the next www-auth header.
PJ_LOG(4,(THIS_FILE, "Invalid response, moving to next"));
//return status;
hdr = hdr->next;
}else{
if (pj_pool_get_used_size(cached_auth->pool) >
PJSIP_AUTH_CACHED_POOL_MAX_SIZE)
{
recreate_cached_auth_pool(sess->endpt, cached_auth);
}
/* Add to the message. */
pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr*)hauth);
/* Process next header. */
hdr = hdr->next;
}
然后重新编译源代码(按照以下说明如何为python安装pjsua2包?(
请注意,尽管这解决了linphone的问题,但我没有在其他情况下测试这一点(例如,当服务器发送多个有效算法或根本没有发送时(。