[asterisk-bugs] [JIRA] (ASTERISK-22961) [patch] DTLS-SRTP not working with SHA-256
Jay Jideliov (JIRA)
noreply at issues.asterisk.org
Fri Dec 13 15:19:03 CST 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-22961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=212933#comment-212933 ]
Jay Jideliov commented on ASTERISK-22961:
-----------------------------------------
Tried to manually apply the patch to 11.6.0, adjusting everything line by line. It might be the version (although I doubt it), but I am getting the following errors during the Make operation:
[CC] res_rtp_asterisk.c -> res_rtp_asterisk.o
res_rtp_asterisk.c: In function dtls_srtp_setup:
res_rtp_asterisk.c:1689:5: error: struct ast_rtp has no member named dtlsdone
rtp->dtlsdone = 1;
^
res_rtp_asterisk.c: In function rtp_sendto:
res_rtp_asterisk.c:1942:21: error: struct ast_rtp has no member named dtlsdone
if(rtp->ssl && !rtp->dtlsdone) {
^
res_rtp_asterisk.c: In function ast_rtp_new:
res_rtp_asterisk.c:2225:5: error: struct ast_rtp has no member named instance
rtp->instance = instance;
^
res_rtp_asterisk.c: In function ast_rtp_activate:
res_rtp_asterisk.c:4651:9: error: struct ast_rtp has no member named ice
if(!rtp->ice || rtp->icedone) {
^
res_rtp_asterisk.c:4651:21: error: struct ast_rtp has no member named icedone
if(!rtp->ice || rtp->icedone) {
^
make[1]: *** [res_rtp_asterisk.o] Error 1
I checked the 11.1.2 - and did not find those variables either.
> [patch] DTLS-SRTP not working with SHA-256
> ------------------------------------------
>
> Key: ASTERISK-22961
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22961
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Channels/chan_sip/SRTP, Channels/chan_sip/WebSocket
> Affects Versions: 11.6.0, 12.0.0-beta2
> Reporter: Jay Jideliov
> Attachments: asterisk_dtls.patch
>
>
> Recently it became possible to use websocket on asterisk without a proxy previously necessary to make calls from the web browser. Although partial support has been added, full browser cross-operability has not been achieved yet. However, it seems to be a relatively easy task.
> Tested on Chrome+SIPML5+Asterisk 11, the connection can be established and works fine. However, due to the fact that Firefox sends SHA-256 packets which are not supported by asterisk, hence the support for this browser is limited by this issue.
> Step 1: Adding certificates to support DTLS
> dtlsenable = yes
> dtlsverify = no
> dtlscertfile=/etc/asterisk/keys/softphone.pem
> dtlsprivatekey=/etc/asterisk/keys/key.pem
> dtlscafile=/etc/asterisk/keys/key.pem
> Step 2: Making a call
> [Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list