author | Anders Svensson <[email protected]> | 2013-06-02 14:54:10 +0200 |
---|---|---|
committer | Anders Svensson <[email protected]> | 2013-06-02 14:54:10 +0200 |
commit | aae68673a30f9c7e0fffb424edd6abab6a70c1b9 (patch) | |
tree | be36706b710ed4f4ab3af9af5ee9075aa97f6d4e | |
parent | b2d97b781bb8f73d58700b8be224147923a1ae5d (diff) | |
parent | 169ec3dde995d48c02cb4d65e2fd69139a3a805b (diff) | |
Merge branch 'anders/diameter/inband_security/OTP-11050' into maint
* anders/diameter/inband_security/OTP-11050:
Don't send default Inband-Security-Id in CER/CEA
-rw-r--r-- | lib/diameter/src/base/diameter_capx.erl | 19 | ||||
-rw-r--r-- | lib/diameter/src/base/diameter_peer_fsm.erl | 7 |
2 files changed, 24 insertions, 2 deletions
diff --git a/lib/diameter/src/base/diameter_capx.erl b/lib/diameter/src/base/diameter_capx.erl
index 9a443fead0..4b821f5139 100644
--- a/lib/diameter/src/base/diameter_capx.erl
+++ b/lib/diameter/src/base/diameter_capx.erl
@@ -282,9 +282,26 @@ build_CEA(_, LCaps, RCaps, Dict, CEA) ->
 [] ->
 Dict:'#set-'({'Result-Code', ?NOSECURITY}, CEA);
 [_] = IS ->
- Dict:'#set-'({'Inband-Security-Id', IS}, CEA)
+ Dict:'#set-'({'Inband-Security-Id', inband_security(IS)}, CEA)
 end.

+%% Only set Inband-Security-Id if different from the default, since
+%% RFC 6733 recommends against the AVP:
+%%
+%% 6.10. Inband-Security-Id AVP
+%%
+%% The Inband-Security-Id AVP (AVP Code 299) is of type Unsigned32 and
+%% is used in order to advertise support of the security portion of the
+%% application. The use of this AVP in CER and CEA messages is NOT
+%% RECOMMENDED. Instead, discovery of a Diameter entity's security
+%% capabilities can be done either through static configuration or via
+%% Diameter Peer Discovery as described in Section 5.2.
+
+inband_security([?NO_INBAND_SECURITY]) ->
+ [];
+inband_security([_] = IS) ->
+ IS.
+
 %% common_security/2

 common_security(#diameter_caps{inband_security_id = LS},
diff --git a/lib/diameter/src/base/diameter_peer_fsm.erl b/lib/diameter/src/base/diameter_peer_fsm.erl
index 6be4259510..d9db630ec0 100644
--- a/lib/diameter/src/base/diameter_peer_fsm.erl
+++ b/lib/diameter/src/base/diameter_peer_fsm.erl
@@ -702,7 +702,7 @@ build_answer('CER',
 N -> {cea(CEA, N, Dict0), [fun open/5, Pkt,
 SupportedApps,
 Caps,
- {accept, hd([_] = IS)}]}
+ {accept, inband_security(IS)}]}
 catch
 ?FAILURE(Reason) ->
 rejected(Reason, {'CER', Reason, Caps, Pkt}, S)
@@ -719,6 +719,11 @@ build_answer(Type,
 RC = rc(H, Es),
 {answer(Type, RC, Es, S), post(Type, RC, Pkt, S)}.

+inband_security([]) ->
+ ?NO_INBAND_SECURITY;
+inband_security([IS]) ->
+ IS.
+
 cea(CEA, ok, _) ->
 CEA;
 cea(CEA, 2001, _) ->
|
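Review bot: The comment above `inband_security/1` quotes RFC 6733 but never states the function's contract, and `diameter_peer_fsm.erl` gains a function of the same name and arity that maps in the opposite direction. I would add a line such as `%% inband_security/1: [] leaves the AVP out of the CEA; the reader of the CEA must treat absence as ?NO_INBAND_SECURITY.` directly above the first clause. The commit title also mentions CER, yet this hunk only routes the `build_CEA` value through the helper; if the CER is assembled elsewhere in this module it presumably needs the same treatment, which cannot be confirmed from the visible lines. `build_CEA` begins outside the hunk.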
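Review bot: `inband_security([])` now reports a CEA without Inband-Security-Id as `?NO_INBAND_SECURITY`, but in `build_CEA` an absent AVP has two causes: the default was omitted, or no common security mechanism existed and only `Result-Code` was set. The replaced `hd([_] = IS)` failed to match in the second case, whereas `{accept, inband_security(IS)}` in the first hunk of this file accepts it unless the result code is rejected before the `N ->` clause, which lies outside the hunk. A comment on the new function in the second hunk would pin that assumption, e.g. `%% [] = default omitted by diameter_capx; a failed negotiation never reaches this point`, and a name such as `accepted_security/1` would avoid confusion with the inverse helper in `diameter_capx.erl`. `build_answer` starts and ends outside both hunks.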