Fix SIP URI scheme handling: follow AOR scheme (sip:/sips:) and raise RegistrationError on failure#22
Conversation
Co-authored-by: codingjoe <[email protected]>
|
Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
|
@copilot we want to be as secure as possible. Does the RFC have any suggestions for fallback implementations? Can we try the most secure version and fall back? |
Co-authored-by: codingjoe <[email protected]>
RFC 5630 §4 treats Implemented in 265152b:
A Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
|
pre-commit.ci run |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## transcribe-call #22 +/- ##
===================================================
+ Coverage 94.62% 94.68% +0.05%
===================================================
Files 16 16
Lines 1303 1317 +14
===================================================
+ Hits 1233 1247 +14
Misses 70 70 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Updates SIP registration behavior to follow RFC 5630 scheme negotiation: try sips: first over TLS, and automatically fall back to sip: (with transport=tls in Contact) when servers reject sips: with 403 Forbidden, improving interoperability with carriers.
Changes:
- Add
_sips_downgradedstate and implement 403-driven one-time retry with downgraded URI scheme inresponse_received(). - Centralize Contact header construction via
_build_contact()and use it for both REGISTER and INVITE answers. - Change CLI default AOR scheme from
sips:tosip:and update related tests/docs.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
voip/sip/protocol.py |
Implements sips:→sip: downgrade logic, adds _build_contact(), and adjusts registrar URI selection based on TLS + downgrade state. |
voip/__main__.py |
Defaults CLI-generated AOR to sip: instead of sips:. |
tests/test_main.py |
Updates CLI tests to match the new default AOR scheme. |
tests/sip/test_protocol.py |
Adds/updates tests for registrar URI selection, Contact formatting under downgrade, and 403 retry behavior. |
You can also share your feedback on Copilot code review. Take the survey.
voip/sip/protocol.py
Outdated
| logger.warning( | ||
| "REGISTER rejected with 403 Forbidden while using sips: URIs; " | ||
| "server may not support sips: — retrying with sip:;transport=tls " | ||
| "(RFC 5630 §4 fallback)" | ||
| ) | ||
| self._sips_downgraded = True | ||
| asyncio.create_task(self.register()) | ||
| return |
…lure Co-authored-by: codingjoe <[email protected]>
Done in 5415777. The fallback is removed; the code now follows the scheme (
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
TLS-registered clients were receiving
SIP/2.0 403 Forbiddenand other error responses because the code used hardcoded URI schemes in REGISTER requests and Contact headers, ignoring the scheme configured in the AOR. The URI scheme (sip:orsips:) is now taken directly from the configured AOR, and any unexpected REGISTER response raises a descriptiveRegistrationError.Changes
RegistrationError— new exception class (exported from__all__) raised when a REGISTER response is unexpected; message includes the server's status code and reason phrase (e.g."403 Forbidden")registrar_uri— preserves the AOR scheme verbatim:sips:[email protected]→REGISTER sips:example.com,sip:[email protected]→REGISTER sip:example.com_build_contact(user=None)— helper that builds the Contact URI using the AOR scheme:sips:AOR →<sips:user@host:port>;sip:AOR over TLS →<sip:user@host:port;transport=tls>; used by bothregister()and_answer()response_received()— raisesRegistrationError("{status_code} {reason}")immediately for any unexpected REGISTER response; no silent retries or state mutation💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.