[asterisk-bugs] [Asterisk 0005413]: [branch] Secure RTP (SRTP)
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Jan 9 05:15:04 CST 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=5413
======================================================================
Reported By: mikma
Assigned To: otherwiseguy
======================================================================
Project: Asterisk
Issue ID: 5413
Category: Channels/chan_sip/NewFeature
Reproducibility: N/A
Severity: feature
Priority: normal
Status: assigned
Target Version: 1.6.3
Asterisk Version: SVN
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!): 48491
Disclaimer on File?: Yes
Request Review:
======================================================================
Date Submitted: 2005-10-09 10:36 CDT
Last Modified: 2009-01-09 05:14 CST
======================================================================
Summary: [branch] Secure RTP (SRTP)
Description:
This patch adds initial support for secure RTP using libsrt[1]. It can
be used in for example an implementation of the sdecriptions draft[2].
[1] http://srtp.sourceforge.net/srtp.html
[2]
http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt
Update (17/12/2008): Branch against trunk is located here
http://svn.digium.com/svn/asterisk/team/group/srtp
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0010129 Module SRTP can't loaded
======================================================================
----------------------------------------------------------------------
(0097265) phsultan (manager) - 2009-01-09 05:14
http://bugs.digium.com/view.php?id=5413#c97265
----------------------------------------------------------------------
Hi Terry,
I had tested the SRTP branch right before the changes you just brought to
the code. I had it working with Eyebeam (1.5.18.2 on Mac), Aastra 55i
(2.1.2.30) and SNOM 360 (6.5.15).
However, I had to revert a change you made to have the SNOM phone work, as
well as the Aastra (when configured to place SRTP calls when possible). In
both cases, when placing calls from those phones to Asterisk, the SDP
packets contain an unsecured RTP profile, plus a crypto offer :
m=audio 5062 RTP/AVP 0 8
[...]
a=crypto:1 [...]
And we furtherly fall into this code section, so the call is refused :
if (!secure_audio && p->srtp) {
ast_log(LOG_WARNING, "We are requesting SRTP, but they responded without
it!\n");
return -2;
}
Don't you think we should accept those packets, and consider them as a
request to place a call with SRTP? From your previous notes, it looks like
Polycom phones don't like those messages, so maybe we can have Asterisk
change the RTP profile to RTP/SAVP before relaying the SIP requests.
The use case I was asked to work on by the customer is to not have the
calls encrypted by default, and to prefix the dialed number with * if the
caller wants to protect the call. This makes SRTP optional and proposed by
default on the phones.
Thanks for the hard work you're putting on that, I think we now have a
good dialplan control on how to process SRTP calls.
PS: maybe we should advertise SRTP in _sip_show_peers too.
Issue History
Date Modified Username Field Change
======================================================================
2009-01-09 05:14 phsultan Note Added: 0097265
======================================================================
More information about the asterisk-bugs
mailing list