[asterisk-bugs] [JIRA] (ASTERISK-17899) [patch] Adds a 'ignorecryptolifetime' (Ignore Crypto Lifetime) option to sip.conf for SRTP keys specifying optional 'lifetime'

Olle Johansson (JIRA) noreply at issues.asterisk.org
Wed Sep 18 13:43:04 CDT 2013 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-17899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=210392#comment-210392 ] 

Olle Johansson commented on ASTERISK-17899:
-------------------------------------------

The Lingon branch now handle lifetime and MKI parameters.

We only accept lifetimes up to max for the crypto and higher than 10 hours for packetization of 20 ms (50 pps).

We only handle MKI with index 1.

We do not really bother with counting packets and reinviting at end of lifetime, so the min of 10 hours kind of takes care of most calls. If there are longer ones, we rely on the other side for re-invites. 

It's still not perfect, but I personally think this is an improvement. A configuration option for minimum lifetime accepted could be added.

Please test this code with phones that you've had issues with! Thank you!

                
> [patch] Adds a 'ignorecryptolifetime' (Ignore Crypto Lifetime) option to sip.conf for SRTP keys specifying optional 'lifetime'
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-17899
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-17899
>             Project: Asterisk
>          Issue Type: New Feature
>          Components: Channels/chan_sip/NewFeature
>            Reporter: Dwayne Hubbard
>         Attachments: dw-ignore-crypto-lifetime-1.8.4.patch, dw-ignore-crypto-lifetime-trunk-r320171.patch
>
>
> This functionality is disabled by default, but when enabled it will tell Asterisk to  ignore the crypto lifetime key component if one is specified.  Using this option I was able to successfully make TLS/SRTP calls to the Sangoma Express Gateway.  This patch would not be necessary if the Sangoma Express Gateway provided an option to disable the lifetime specification; but it appears that it does not.
> Without this patch, any SRTP offers that specify the optional lifetime key component will fail.
> This patch was also tested by Ryan Mayer (mantis user: 'hidden').  Thanks Ryan!
> ****** ADDITIONAL INFORMATION ******
> Here is a sample sip.conf entry:
> [guyute]
> host=5.6.7.8
> transport=tls
> encryption=yes
> ignorecryptolifetime=yes
> port=5061
> type=peer
> disallow=all
> allow=ulaw
> dtmfmode=rfc2833
> reinvite=no
> canreinvite=no
> context=default

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list