Make REST API hash algorithm configurable #1447
Conversation
| stun_attr_ref sar = stun_attr_get_first_by_type_str( | ||
| ioa_network_buffer_data(nbh), ioa_network_buffer_get_size(nbh), STUN_ATTRIBUTE_MESSAGE_INTEGRITY); | ||
| if (!sar) { | ||
| return -1; |
There was a problem hiding this comment.
this is changing the behavior from using the packet to drive the hash choice, to using the commandline param / config file param.
I'm not sure that changing this behavior will be backwards compatible with existing users.
Can you elaborate on the compatibility considerations for this?
There was a problem hiding this comment.
It was my understanding that the token is not controlled by the specification for TURN and that the hash choice being based on the packet was a decision made by coturn developers. As coturn currently only seems to support SHA-1 for integrity of the messages as per spec, I thought defaulting to SHA-1 would keep the existing behavior unless the command-line parameter is used. Please see the discussion in #1293. I'm not sure this is the right way to do it. So please clarify any assumptions I might be wrong about.
Add support for configuring the hash algorithm used for the "REST API
tokens" configurable. This makes it possible to use SHA-256 rather than
SHA-1, for example.
Solves #1293