aboutsummaryrefslogtreecommitdiffstats
path: root/lib/diameter/src/base/diameter_capx.erl
diff options
context:
space:
mode:
authorAnders Svensson <[email protected]>2013-05-30 15:03:28 +0200
committerAnders Svensson <[email protected]>2013-05-30 15:30:35 +0200
commit169ec3dde995d48c02cb4d65e2fd69139a3a805b (patch)
tree35627c7b46bae2bece57afae70097c93ef8b3ebe /lib/diameter/src/base/diameter_capx.erl
parent22685099ace9802016bf6203c525702084717d72 (diff)
downloadotp-169ec3dde995d48c02cb4d65e2fd69139a3a805b.tar.gz
otp-169ec3dde995d48c02cb4d65e2fd69139a3a805b.tar.bz2
otp-169ec3dde995d48c02cb4d65e2fd69139a3a805b.zip
Don't send default Inband-Security-Id in CER/CEA
RFC 6733 recommends against the use of Inband-Security-Id, so only send a value that differs from the default.
Diffstat (limited to 'lib/diameter/src/base/diameter_capx.erl')
-rw-r--r--lib/diameter/src/base/diameter_capx.erl19
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/diameter/src/base/diameter_capx.erl b/lib/diameter/src/base/diameter_capx.erl
index 9a443fead0..4b821f5139 100644
--- a/lib/diameter/src/base/diameter_capx.erl
+++ b/lib/diameter/src/base/diameter_capx.erl
@@ -282,9 +282,26 @@ build_CEA(_, LCaps, RCaps, Dict, CEA) ->
[] ->
Dict:'#set-'({'Result-Code', ?NOSECURITY}, CEA);
[_] = IS ->
- Dict:'#set-'({'Inband-Security-Id', IS}, CEA)
+ Dict:'#set-'({'Inband-Security-Id', inband_security(IS)}, CEA)
end.
+%% Only set Inband-Security-Id if different from the default, since
+%% RFC 6733 recommends against the AVP:
+%%
+%% 6.10. Inband-Security-Id AVP
+%%
+%% The Inband-Security-Id AVP (AVP Code 299) is of type Unsigned32 and
+%% is used in order to advertise support of the security portion of the
+%% application. The use of this AVP in CER and CEA messages is NOT
+%% RECOMMENDED. Instead, discovery of a Diameter entity's security
+%% capabilities can be done either through static configuration or via
+%% Diameter Peer Discovery as described in Section 5.2.
+
+inband_security([?NO_INBAND_SECURITY]) ->
+ [];
+inband_security([_] = IS) ->
+ IS.
+
%% common_security/2
common_security(#diameter_caps{inband_security_id = LS},