[asterisk-dev] [Code Review]: DTLS-SRTP Support

Joshua Colp reviewboard at asterisk.org
Tue Sep 18 12:24:01 CDT 2012



> On Sept. 17, 2012, 9:17 a.m., Matt Jordan wrote:
> > /trunk/configs/sip.conf.sample, lines 1265-1267
> > <https://reviewboard.asterisk.org/r/2113/diff/1/?file=31236#file31236line1265>
> >
> >     Is 'cipher' a valid SSL cipher string?  It didn't appear to be on the list at the URL provided.  If not, this should be a valid value to prevent mis-configuration.

Changed to match that for regular TLS.


> On Sept. 17, 2012, 9:17 a.m., Matt Jordan wrote:
> > /trunk/include/asterisk/rtp_engine.h, lines 382-386
> > <https://reviewboard.asterisk.org/r/2113/diff/1/?file=31239#file31239line382>
> >
> >     Is there any reason why you chose to make these char *, instead of string fields?  It doesn't appear as if the SSL library calls that consume these values require them to be modifiable.

The existing TLS configuration structure was used as the basis for this, and it also uses regular char *.


- Joshua


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2113/#review7073
-----------------------------------------------------------


On Sept. 14, 2012, 11:43 a.m., Joshua Colp wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2113/
> -----------------------------------------------------------
> 
> (Updated Sept. 14, 2012, 11:43 a.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> WebRTC has migrated to using DTLS-SRTP as the method for securing media streams. This patch adds support for it using OpenSSL. DTLS is used between both sides with the keying material for SRTP extracted from that negotiation.
> 
> 
> Diffs
> -----
> 
>   /configure UNKNOWN 
>   /trunk/channels/chan_sip.c 373058 
>   /trunk/channels/sip/include/sip.h 373058 
>   /trunk/configs/sip.conf.sample 373058 
>   /trunk/configure.ac 373058 
>   /trunk/include/asterisk/autoconfig.h.in 373058 
>   /trunk/include/asterisk/rtp_engine.h 373058 
>   /trunk/main/rtp_engine.c 373058 
>   /trunk/res/res_rtp_asterisk.c 373058 
> 
> Diff: https://reviewboard.asterisk.org/r/2113/diff
> 
> 
> Testing
> -------
> 
> Tested various configurations between two Asterisk instances. Rekeying, verification, etc all appear to work. Unfortunately there are very few DTLS-SRTP implementations in the wild so testing against another implementation has not yet occurred.
> 
> 
> Thanks,
> 
> Joshua
> 
>
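
The summary above says the SRTP keying material is extracted from the DTLS negotiation; as an added example (not code from the patch or from Asterisk), this C function splits that exported block into per-direction master key and salt using the RFC 5764 section 4.2 layout. The AES-128 profile sizes and the names `dtls_srtp_split` and `struct srtp_master` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed profile: SRTP_AES128_CM_SHA1_80 (16-byte master key, 14-byte master salt). */
#define KEY_LEN    16
#define SALT_LEN   14
#define EXPORT_LEN (2 * (KEY_LEN + SALT_LEN)) /* 60 bytes from the DTLS exporter */

/* Hypothetical holder: master key immediately followed by master salt. */
struct srtp_master { uint8_t key_salt[KEY_LEN + SALT_LEN]; };

/*
 * Split exporter output (label "EXTRACTOR-dtls_srtp", RFC 5764 section 4.2).
 * Layout: client key | server key | client salt | server salt.
 * Both keys come first, then both salts; the block is NOT grouped per side.
 * local is used for media we send, remote for media the peer sends.
 * Returns 0 on success, -1 on bad arguments or an unexpected length.
 */
int dtls_srtp_split(const uint8_t *m, size_t len, int we_are_dtls_client,
                    struct srtp_master *local, struct srtp_master *remote)
{
    struct srtp_master *client, *server;

    if (!m || !local || !remote || local == remote || len != EXPORT_LEN)
        return -1;

    client = we_are_dtls_client ? local : remote;
    server = we_are_dtls_client ? remote : local;

    memcpy(client->key_salt,           m,                          KEY_LEN);
    memcpy(server->key_salt,           m + KEY_LEN,                KEY_LEN);
    memcpy(client->key_salt + KEY_LEN, m + 2 * KEY_LEN,            SALT_LEN);
    memcpy(server->key_salt + KEY_LEN, m + 2 * KEY_LEN + SALT_LEN, SALT_LEN);
    return 0;
}

int main(void)
{
    uint8_t sample[EXPORT_LEN]; /* constructed input: byte i holds the value i */
    struct srtp_master tx, rx;
    size_t i;

    for (i = 0; i < EXPORT_LEN; i++)
        sample[i] = (uint8_t)i;
    if (dtls_srtp_split(sample, sizeof(sample), 1, &tx, &rx) != 0)
        return 1;
    printf("tx key[0]=%u tx salt[0]=%u\n", (unsigned)tx.key_salt[0], (unsigned)tx.key_salt[KEY_LEN]);
    return 0;
}
```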
