[asterisk-bugs] [Asterisk 0019335]: [patch] Should "encryption" be a global option ??
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue May 24 00:13:12 CDT 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=19335
======================================================================
Reported By: irroot
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 19335
Category: Channels/chan_sip/SRTP
Reproducibility: N/A
Severity: trivial
Priority: normal
Status: ready for testing
Asterisk Version: SVN
JIRA: SWP-3490
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2011-05-20 03:44 CDT
Last Modified: 2011-05-24 00:13 CDT
======================================================================
Summary: [patch] Should "encryption" be a global option ??
Description:
allow SRTP global setting in addition to per peer setting ??
this is a trivial patch ...
this also raises a janitor project sip.h has a G/D/P for the context of
the setting some global settings ie faxdetect are not marked G
======================================================================
----------------------------------------------------------------------
(0135321) irroot (reporter) - 2011-05-24 00:13
https://issues.asterisk.org/view.php?id=19335#c135321
----------------------------------------------------------------------
1) having this a global option with a "try" option will allow IP based
calling to use SRTP this in my case will be inter branch and enum calls.
2)SRTP_ENCR_OPTIONAL is a flag set on the srtp struct and is unused the
"try" option is a per peer/pvt option that will prevent failure when the
request is not met most phones have got a "attempt" / "enforce" option this
is a extension of this into asterisk
3)i have not seen how to implement F8 with libsrtp it seems it is not
supported this is also listed as a optional requirement if this is
supported it would be great to add it to asterisk.
the consensus seems to be adding a option "encryption_taglen" defaults to
80 and accepts 32 this will use the 32bit version in a outgoing invite if
set
the other part of the equation is to respond to a INVITE with the same
taglen so if i get a 32bit taglen respond with 32bit this is built into the
patch.
it would be nice to offer both options in a invite and extend asterisk to
work with multiple offers once this is settled the patch you had does work
toward this and its worth looking at again there is also a patch to ignore
offers with 0 port.
Issue History
Date Modified Username Field Change
======================================================================
2011-05-24 00:13 irroot Note Added: 0135321
======================================================================
More information about the asterisk-bugs
mailing list