author | Joshua Colp <jcolp@digium.com> | 2014-06-30 19:51:28 +0000 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2014-06-30 19:51:28 +0000 |
commit | 6e60f5d317d2bccaa556c98fbcc01d2db5796c1e (patch) | |
tree | 9d2e1bd2d26e584aa31e3b6b019ffe145784a2b2 /main | |
parent | 688bb204dc872aaec9f2b829fe85039c08091b55 (diff) |
Recorded merge of revisions 417677 from http://svn.asterisk.org/svn/asterisk/branches/11
........
res_rtp_asterisk: Add SHA-256 support for DTLS and perform DTLS negotiation on RTCP.
This change fixes up DTLS support in res_rtp_asterisk so it can accept and provide
a SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after ICE negotiation
completes. Configuration options to chan_sip and chan_pjsip have also been added to
allow behavior to be tweaked (such as forcing the AVP type media transports in SDP).
ASTERISK-22961 #close
Reported by: Jay Jideliov
Review: https://reviewboard.asterisk.org/r/3679/
Review: https://reviewboard.asterisk.org/r/3686/
........
Merged revisions 417678 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417679 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main')
-rw-r--r-- | main/rtp_engine.c | 19 | ||||
-rw-r--r-- | main/sdp_srtp.c | 9 |
2 files changed, 25 insertions, 3 deletions
diff --git a/main/rtp_engine.c b/main/rtp_engine.c
index 5174b9cd4..9e3d7d108 100644
--- a/main/rtp_engine.c
+++ b/main/rtp_engine.c
@@ -1556,7 +1556,17 @@ int ast_rtp_dtls_cfg_parse(struct ast_rtp_dtls_cfg *dtls_cfg, const char *name,
 if (!strcasecmp(name, "dtlsenable")) {
 dtls_cfg->enabled = ast_true(value) ? 1 : 0;
 } else if (!strcasecmp(name, "dtlsverify")) {
- dtls_cfg->verify = ast_true(value) ? 1 : 0;
+ if (!strcasecmp(value, "yes")) {
+ dtls_cfg->verify = AST_RTP_DTLS_VERIFY_FINGERPRINT | AST_RTP_DTLS_VERIFY_CERTIFICATE;
+ } else if (!strcasecmp(value, "fingerprint")) {
+ dtls_cfg->verify = AST_RTP_DTLS_VERIFY_FINGERPRINT;
+ } else if (!strcasecmp(value, "certificate")) {
+ dtls_cfg->verify = AST_RTP_DTLS_VERIFY_CERTIFICATE;
+ } else if (!strcasecmp(value, "no")) {
+ dtls_cfg->verify = AST_RTP_DTLS_VERIFY_NONE;
+ } else {
+ return -1;
+ }
 } else if (!strcasecmp(name, "dtlsrekey")) {
 if (sscanf(value, "%30u", &dtls_cfg->rekey) != 1) {
 return -1;
@@ -1584,6 +1594,12 @@ int ast_rtp_dtls_cfg_parse(struct ast_rtp_dtls_cfg *dtls_cfg, const char *name,
 } else if (!strcasecmp(value, "actpass")) {
 dtls_cfg->default_setup = AST_RTP_DTLS_SETUP_ACTPASS;
 }
+ } else if (!strcasecmp(name, "dtlsfingerprint")) {
+ if (!strcasecmp(value, "sha-256")) {
+ dtls_cfg->hash = AST_RTP_DTLS_HASH_SHA256;
+ } else if (!strcasecmp(value, "sha-1")) {
+ dtls_cfg->hash = AST_RTP_DTLS_HASH_SHA1;
+ }
 } else {
 return -1;
 }
@@ -1597,6 +1613,7 @@ void ast_rtp_dtls_cfg_copy(const struct ast_rtp_dtls_cfg *src_cfg, struct ast_rt
 dst_cfg->verify = src_cfg->verify;
 dst_cfg->rekey = src_cfg->rekey;
 dst_cfg->suite = src_cfg->suite;
+ dst_cfg->hash = src_cfg->hash;
 dst_cfg->certfile = ast_strdup(src_cfg->certfile);
 dst_cfg->pvtfile = ast_strdup(src_cfg->pvtfile);
 dst_cfg->cipher = ast_strdup(src_cfg->cipher);
diff --git a/main/sdp_srtp.c b/main/sdp_srtp.c
index 85dc108a6..cf19b0afd 100644
--- a/main/sdp_srtp.c
+++ b/main/sdp_srtp.c
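Review bot: In the `dtlsverify` branch of ast_rtp_dtls_cfg_parse (main/rtp_engine.c, first hunk), the strict comparison against "yes" and "no" rejects boolean spellings that the removed `ast_true(value)` line accepted, so an existing `dtlsverify=true` or `dtlsverify=1` now reaches `return -1`. How the caller treats that error is not visible here; if it only logs and carries on, `verify` keeps its previous value and a configuration that used to enable peer verification may run without it. Consider keeping the boolean spellings as aliases, with `if (ast_true(value)) {` for the fingerprint-plus-certificate case and `} else if (ast_false(value)) {` for AST_RTP_DTLS_VERIFY_NONE. The function starts and ends outside the hunk.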
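Review bot: The new `dtlsfingerprint` branch of ast_rtp_dtls_cfg_parse (main/rtp_engine.c, second hunk) has no final `else`, so an unrecognised value (a constructed example: `sha256` without the hyphen) is accepted and `dtls_cfg->hash` keeps whatever it held before. The fingerprint hash can then differ from what the operator asked for without any error, whereas the `dtlsverify` branch added in this same commit rejects unknown values. Close the chain with `} else { return -1; }`. The `dtlssetup` chain visible in the context lines just above appears to end the same way, though its start is outside the hunk.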
@@ -365,12 +365,17 @@ const char *ast_sdp_srtp_get_attrib(struct ast_sdp_srtp *srtp, int dtls_enabled,
 return NULL;
 }
-char *ast_sdp_get_rtp_profile(unsigned int sdes_active, struct ast_rtp_instance *instance, unsigned int using_avpf)
+char *ast_sdp_get_rtp_profile(unsigned int sdes_active, struct ast_rtp_instance *instance, unsigned int using_avpf,
+ unsigned int force_avp)
 {
 struct ast_rtp_engine_dtls *dtls;
 if ((dtls = ast_rtp_instance_get_dtls(instance)) && dtls->active(instance)) {
- return using_avpf ? "UDP/TLS/RTP/SAVPF" : "UDP/TLS/RTP/SAVP";
+ if (force_avp) {
+ return using_avpf ? "RTP/SAVPF" : "RTP/SAVP";
+ } else {
+ return using_avpf ? "UDP/TLS/RTP/SAVPF" : "UDP/TLS/RTP/SAVP";
+ }
 } else {
 if (using_avpf) {
 return sdes_active ? "RTP/SAVPF" : "RTP/AVPF"; |
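Review bot: The new `force_avp` parameter of ast_sdp_get_rtp_profile is not documented in this hunk, and with it set the DTLS branch returns `RTP/SAVP` or `RTP/SAVPF`, the same strings the non-DTLS branch returns when `sdes_active` is set. The profile string alone therefore no longer identifies the keying method, which matters to anyone reading the SDP or auditing this function. If the intent is compatibility with peers that do not accept the UDP/TLS profiles, say so in a comment on the parameter, for example `/* force_avp: advertise RTP/SAVP(F) even while DTLS is active; keying is still negotiated by DTLS */`. The function body continues past the end of the hunk.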