[asterisk-bugs] [JIRA] (ASTERISK-24711) DTLS handshake broken with latest OpenSSL versions

Jared Biel (JIRA) noreply at issues.asterisk.org
Thu Jan 22 11:14:37 CST 2015


Jared Biel created ASTERISK-24711:
-------------------------------------

             Summary: DTLS handshake broken with latest OpenSSL versions
                 Key: ASTERISK-24711
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24711
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
    Affects Versions: 13.1.0
            Reporter: Jared Biel


The latest versions of OpenSSL recently cleaned up some DTLS vulnerabilities and one of them (I believe it's CVE-2015-0206) caused RTP DTLS handshakes to stop working. This means that all WebRTC calls fail to negotiate audio. I came across this issue using a fully updated Ubuntu 14.04 server running OpenSSL 1.0.1f-1ubuntu2.8 and Asterisk 13.1.0.

Upstream report: http://rt.openssl.org/Ticket/Display.html?id=3657

The one-line workaround mentioned in the ticket worked for me. Patch:

{code}
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -1320,6 +1320,8 @@
 			return -1;
 		}
 
+		SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1);
+
 		if (!(certbio = BIO_new(BIO_s_file()))) {
 			ast_log(LOG_ERROR, "Failed to allocate memory for certificate fingerprinting on RTP instance '%p'\n",
 				instance);
{code}
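
Review bot: the new SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1) call sits at the same nested indentation as the certificate fingerprinting code that follows it, so it appears to run only inside that block. The context does not show the block's opening; if it is conditional, a DTLS setup that skips it would not get read-ahead enabled. Consider moving the call to directly after rtp->ssl_ctx is created, and add a short comment that names the upstream OpenSSL ticket (RT 3657) so the workaround is not later removed as unexplained.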


