[asterisk-dev] [Code Review] DTLS-SRTP Support

Matt Jordan reviewboard at asterisk.org
Mon Sep 17 09:17:25 CDT 2012 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2113/#review7073
-----------------------------------------------------------



/trunk/configs/sip.conf.sample
<https://reviewboard.asterisk.org/r/2113/#comment13676>

    Is 'cipher' a valid SSL cipher string?  It didn't appear to be on the list at the URL provided.  If not, this should be a valid value to prevent mis-configuration.



/trunk/include/asterisk/rtp_engine.h
<https://reviewboard.asterisk.org/r/2113/#comment13677>

    Is there any reason why you chose to make these char *, instead of string fields?  It doesn't appear as if the SSL library calls that consume these values require them to be modifiable.


- Matt


On Sept. 14, 2012, 11:43 a.m., Joshua Colp wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2113/
> -----------------------------------------------------------
> 
> (Updated Sept. 14, 2012, 11:43 a.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> WebRTC has migrated to using DTLS-SRTP as the method for securing media streams. This patch adds support for it using OpenSSL. DTLS is used between both sides with the keying material for SRTP extracted from that negotiation.
> 
> 
> Diffs
> -----
> 
>   /configure UNKNOWN 
>   /trunk/channels/chan_sip.c 373058 
>   /trunk/channels/sip/include/sip.h 373058 
>   /trunk/configs/sip.conf.sample 373058 
>   /trunk/configure.ac 373058 
>   /trunk/include/asterisk/autoconfig.h.in 373058 
>   /trunk/include/asterisk/rtp_engine.h 373058 
>   /trunk/main/rtp_engine.c 373058 
>   /trunk/res/res_rtp_asterisk.c 373058 
> 
> Diff: https://reviewboard.asterisk.org/r/2113/diff
> 
> 
> Testing
> -------
> 
> Tested various configurations between two Asterisk instances. Rekeying, verification, etc all appear to work. Unfortunately there are very few DTLS-SRTP implementations in the wild so testing against another implementation has not yet occurred.
> 
> 
> Thanks,
> 
> Joshua
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20120917/f7f2ee68/attachment-0001.htm>

More information about the asterisk-dev mailing list