[asterisk-bugs] [JIRA] (ASTERISK-22961) [patch] DTLS-SRTP not working with SHA-256
Richard Mudgett (JIRA)
noreply at issues.asterisk.org
Tue Apr 1 12:39:18 CDT 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-22961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=216959#comment-216959 ]
Richard Mudgett edited comment on ASTERISK-22961 at 4/1/14 12:38 PM:
---------------------------------------------------------------------
Asterisk 12
{noformat}
chan_sip.c: In function ‘add_dtls_to_sdp’:
chan_sip.c:12900: warning: passing argument 2 of ‘dtls->get_fingerprint’ makes pointer from integer without a cast
chan_sip.c:12900: note: expected ‘const struct ast_rtp_dtls_cfg *’ but argument is of type ‘int’
chan_sip.c:12900: error: too few arguments to function ‘dtls->get_fingerprint’
make[1]: *** [chan_sip.o] Error 1
{noformat}
I did the following to get to compile
changed chan_sip.c
from
{noformat}
if ((fingerprint = dtls->get_fingerprint(instance, AST_RTP_DTLS_HASH_SHA1))) {
ast_str_append(a_buf, 0, "a=fingerprint:SHA-1 %s\r\n", fingerprint);
}
{noformat}
to
{noformat}
if ((fingerprint = dtls->get_fingerprint(instance, &dialog->dtls_cfg, AST_RTP_DTLS_HASH_SHA256))) {
ast_str_append(a_buf, 0, "a=fingerprint:SHA-256 %s\r\n", fingerprint);
}
else if ((fingerprint = dtls->get_fingerprint(instance, &dialog->dtls_cfg, AST_RTP_DTLS_HASH_SHA1)))
{
ast_str_append(a_buf, 0, "a=fingerprint:SHA-1 %s\r\n", fingerprint);
}
{noformat}
was (Author: jaflong):
Asterisk 12
chan_sip.c: In function ‘add_dtls_to_sdp’:
chan_sip.c:12900: warning: passing argument 2 of ‘dtls->get_fingerprint’ makes pointer from integer without a cast
chan_sip.c:12900: note: expected ‘const struct ast_rtp_dtls_cfg *’ but argument is of type ‘int’
chan_sip.c:12900: error: too few arguments to function ‘dtls->get_fingerprint’
make[1]: *** [chan_sip.o] Error 1
I did the following to get to compile
changed chan_sip.c
from
if ((fingerprint = dtls->get_fingerprint(instance, AST_RTP_DTLS_HASH_SHA1))) {
ast_str_append(a_buf, 0, "a=fingerprint:SHA-1 %s\r\n", fingerprint);
}
to
if ((fingerprint = dtls->get_fingerprint(instance, &dialog->dtls_cfg, AST_RTP_DTLS_HASH_SHA256))) {
ast_str_append(a_buf, 0, "a=fingerprint:SHA-256 %s\r\n", fingerprint);
}
else if ((fingerprint = dtls->get_fingerprint(instance, &dialog->dtls_cfg, AST_RTP_DTLS_HASH_SHA1)))
{
ast_str_append(a_buf, 0, "a=fingerprint:SHA-1 %s\r\n", fingerprint);
}
> [patch] DTLS-SRTP not working with SHA-256
> ------------------------------------------
>
> Key: ASTERISK-22961
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22961
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Channels/chan_sip/SRTP, Channels/chan_sip/WebSocket
> Affects Versions: 11.6.0, 12.0.0-beta2
> Reporter: Jay Jideliov
> Attachments: 11.7 patched.zip, asterisk_dtls.patch, chan_sip.c, dtls_retransmission.patch, ice_session.c, res_rtp_asterisk.c, res_rtp_asterisk.c, srtp_dtls.patch, srtp_dtls.patch
>
>
> Recently it became possible to use websocket on asterisk without a proxy previously necessary to make calls from the web browser. Although partial support has been added, full browser cross-operability has not been achieved yet. However, it seems to be a relatively easy task.
> Tested on Chrome+SIPML5+Asterisk 11, the connection can be established and works fine. However, due to the fact that Firefox sends SHA-256 packets which are not supported by asterisk, hence the support for this browser is limited by this issue.
> Step 1: Adding certificates to support DTLS
> dtlsenable = yes
> dtlsverify = no
> dtlscertfile=/etc/asterisk/keys/softphone.pem
> dtlsprivatekey=/etc/asterisk/keys/key.pem
> dtlscafile=/etc/asterisk/keys/key.pem
> Step 2: Making a call
> [Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list