Hi Dennis, I am aware that GnuGk's H.235.1 password authentication is not interoperable with many (most ?) vendor implementations when using proper SHA1 hashes. (MD5 works fine, but its weak and not really standard). A proper fix for all devices requires much more what you posted. I have a full H.235.1 implementation under development and the comments you quote are from the H323Plus part of that fix that I have already committed a few weeks ago. Your fix happens to work, because AudioCodes fails to properly check the tokens it gets from GnuGk (I have one of their gateways in my lab). The full implementation will include (and verify) tokens in all RAS and Q.931 messages as required by the standard. But since many vendors have bugs in their implementations, we'll also need a number of switches to relax the checks for broken implementations. Unfortunately it will take a while until I can release the GnuGk part of my implementation. I don't have a sponsor for it and can only work on it now and then, so please bear with me. Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 Denis Kochmashev wrote: > Hello, Jan! > > I was trying to authenticate RRQ's from AudioCodes MP-112 Gateway using > H.235 via SQLPasswordsAuth policy, and after spending some time > investigating why it is not working, found an intriguing message inside > h235auth1.cxx from H323Plus sources. It says the following: > --- > // H.235.0v4 clause 8.2 says generalID "should" be included, but > doesn't require it > // H.235.1v4 clause 14 says generalID "shall" be included in > ClearTokens, when the information is available > // AudioCodes 4.6 and Innovaphone v6-v9 don't include a generalID > --- > I guess it means that generalID check may be skipped. Unfortunately I > haven't found the solution using standard GNUGK tools. That is why I > wrote a small patch which tells H.235.1 authenticator to skip checking > generalID while validating crypto tokens inside RRQ from AudioCodes > Gateways. Since I have 5.00A.046.014 software version in my MP-112 which > is the last available from manufacturer, I think that this "feature" is > relevant for all AudioCodes Gateways. > > What would you say about including this workaround in GNUGK sources? > ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
