[asterisk-bugs] [JIRA] (ASTERISK-22961) [patch] DTLS-SRTP not working with SHA-256

Agustí Ubalde (JIRA) noreply at issues.asterisk.org
Fri May 30 07:26:00 CDT 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=218684#comment-218684 ] 

Agustí Ubalde commented on ASTERISK-22961:
------------------------------------------

Hi,

I have finally been able to compile Asterisk 11.9.0 patch with @Juan Ramirez, but when trying to make a call from an internal Asterisk PBX to WebRTC extension registered with sipml5 I get several errors in the console. It not works.

===================================================================================================
    -- Registered SIP '40002' at X.X:X:X:53160
  == Using SIP RTP CoS mark 5
  == Using SIP RTP CoS mark 5
[May 30 13:59:12] WARNING[21402][C-00000001]: chan_sip.c:10523 process_sdp: Processed DTLS [FALSE]
    -- Executing [40002 at public:1] Dial("SIP/Y.Y.Y.Y-00000002", "SIP/40002") in new stack
  == Using SIP RTP CoS mark 5
  == Using SIP RTP CoS mark 5
[May 30 13:59:12] ERROR[21484][C-00000001]: netsock2.c:269 ast_sockaddr_resolve: getaddrinfo("df7jal23ls0d.invalid", "(null)", ...): Name or service not known
[May 30 13:59:12] WARNING[21484][C-00000001]: chan_sip.c:15972 __set_address_from_contact: Invalid host name in Contact: (can't resolve in DNS) : 'df7jal23ls0d.invalid'
[May 30 13:59:12] ERROR[21484][C-00000001]: netsock2.c:98 ast_sockaddr_stringify_fmt: getnameinfo(): ai_family not supported
    -- Called SIP/40002
    -- SIP/40002-00000003 is ringing
    -- No one is available to answer at this time (1:0/0/0)
    -- Executing [40002 at public:2] Hangup("SIP/Y.Y.Y.Y-00000002", "") in new stack
  == Spawn extension (public, 40002, 2) exited non-zero on 'SIP/Y.Y.Y.Y-00000002'
===================================================================================================

Error in Google Chrome console:

===================================================================================================
Failed to set remote offer sdp: Called with SDP without DTLS fingerprint. SIPml-api.js?svn=179:1080
tsk_utils_log_error SIPml-api.js?svn=179:1080
tmedia_session_jsep01.onSetRemoteDescriptionError SIPml-api.js?svn=179:2740
(anonymous function)
===================================================================================================

With the release of Asterisk 11.7.0 works properly, at least with Google Chrome.

Regards,

> [patch] DTLS-SRTP not working with SHA-256
> ------------------------------------------
>
>                 Key: ASTERISK-22961
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22961
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/SRTP, Channels/chan_sip/WebSocket
>    Affects Versions: 11.6.0, 11.7.0, 11.9.0, 12.0.0-beta2
>            Reporter: Jay Jideliov
>         Attachments: 11.7 patched.zip, asterisk_dtls.patch, backtrace (1).txt, chan_sip.c, dtls_retransmission.patch, ice_session.c, jssip no ring.txt, Patch_11.9_JayNitesh_corrected.patch, Patch 11.9.zip, res_rtp_asterisk.c, res_rtp_asterisk.c, srtp_dtls.patch, srtp_dtls.patch, srtp_dtls.patch, wireshark.txt
>
>
> Recently it became possible to use websocket on asterisk without a proxy previously necessary to make calls from the web browser. Although partial support has been added, full browser cross-operability has not been achieved yet. However, it seems to be a relatively easy task.
> Tested on Chrome+SIPML5+Asterisk 11, the connection can be established and works fine. However, due to the fact that Firefox sends SHA-256 packets which are not supported by asterisk, hence the support for this browser is limited by this issue.
> Step 1: Adding certificates to support DTLS
> dtlsenable = yes
> dtlsverify = no
> dtlscertfile=/etc/asterisk/keys/softphone.pem
> dtlsprivatekey=/etc/asterisk/keys/key.pem
> dtlscafile=/etc/asterisk/keys/key.pem
> Step 2: Making a call
> [Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list