[Asterisk-code-review] chan sip: Allow Preferred sRTP. (asterisk[master])

Alexander Traud asteriskteam at digium.com
Tue Jul 19 09:46:02 CDT 2016


Alexander Traud has uploaded a new change for review.

  https://gerrit.asterisk.org/3234

Change subject: chan_sip: Allow Preferred sRTP.
......................................................................

chan_sip: Allow Preferred sRTP.

Following the Encrypt-all-the-things paradigm:

The user enters his SIP-URI and password. Thanks to DNS-NAPTR, the phone
determines SIP-over-TLS as preferred transport. In SIP/SDP, the phone starts
the call with a crypto attribute, not with the RTP/sAVP profile but with the
RTP/AVP profile (sRTP is preferred aka optional; not mandatory). If the VoIP
server does not support sRTP and TLS, the phone shows an open padlock icon.

This paradigm is supported by several VoIP/SIP clients by default. Some
implementations cannot even be changed to RTP/sAVP. Therefore, this
change allows Preferred sRTP for ingress. For egress, please create a dial
plan which starts with RTP/SAVP and, when rejected, tries again with RTP/AVP.

ASTERISK-20234 #close
Reported by: tootai
Tested by: tootai, Alexander Traud
patches:
 srtp_patches.diff submitted by Matt Jordan

Change-Id: I42cb779df3a9c7b3dd03a629fb3a296aa4ceb0fd
---
M channels/chan_sip.c
1 file changed, 8 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/34/3234/1

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index b2522b6..7d4b085 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -10616,6 +10616,10 @@
 					} else if (!processed_crypto && process_crypto(p, p->rtp, &p->srtp, value)) {
 						processed_crypto = TRUE;
 						processed = TRUE;
+						if (secure_audio == FALSE) {
+							ast_log(AST_LOG_NOTICE, "Processed audio crypto attribute without SAVP specified; accepting anyway\n");
+							secure_audio = TRUE;
+						}
 					} else if (process_sdp_a_audio(value, p, &newaudiortp, &last_rtpmap_codec)) {
 						processed = TRUE;
 					}
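
Review bot: The added `if (secure_audio == FALSE)` branch sets `secure_audio = TRUE` for every peer, with no configuration check anywhere in the added lines, so any offer that carries a crypto attribute without SAVP is now accepted as secure audio. Consider gating this behind a per-peer or general option so that it is an explicit opt-in. The `ast_log(AST_LOG_NOTICE, ...)` call is triggered by the remote party's SDP and fires for each such offer; a debug or verbose level would keep clients that always offer this way from filling the log. Style point: `if (!secure_audio)` is preferable to comparing against FALSE.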
@@ -10633,6 +10637,10 @@
 					} else if (!processed_crypto && process_crypto(p, p->vrtp, &p->vsrtp, value)) {
 						processed_crypto = TRUE;
 						processed = TRUE;
+						if (secure_video == FALSE) {
+							ast_log(AST_LOG_NOTICE, "Processed video crypto attribute without SAVP specified; accepting anyway\n");
+							secure_video = TRUE;
+						}
 					} else if (process_sdp_a_video(value, p, &newvideortp, &last_rtpmap_codec)) {
 						processed = TRUE;
 					}
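
Review bot: The added `if (secure_video == FALSE)` block duplicates the audio block with only the flag name and one word of the message changed; a small helper that takes the flag and the stream name would keep the two from drifting apart. `secure_video` is also set independently of `secure_audio`, so an offer with a crypto attribute on only one of the two streams leaves the flags different; please confirm that the code consuming both flags handles that case as intended. The change touches only channels/chan_sip.c, so the new behaviour is not documented anywhere a user would look; please add a note to the sample configuration and the change notes.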

-- 
To view, visit https://gerrit.asterisk.org/3234
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I42cb779df3a9c7b3dd03a629fb3a296aa4ceb0fd
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>


