[asterisk-dev] WebRTC over SRTP-DTLS

Lorenzo Miniero lminiero at gmail.com
Wed Dec 4 04:16:01 CST 2013


Hi Nitesh,

my chan_sip is rather messy right now, as I changed several things due to
other experiments as well. I tried to prepare a patch that only allegedly
covers the DTLS experiments: just beware that it is for asterisk-11.1.2 and
so you may need to tweak it a bit for your case. Anyway, what I did with
respect to DTLS in chan_sip as you can see wasn't much (as I explained in
that report, most of the SDP manipulation I did in my webapp), so just to
summarize:

   1. I moved the DTLS initialization after the RTCP stuff, for the reasons
   explained in the report;
   2. I made sure that sha-256 fingerprints (sent by Chrome and Firefox)
   were accepted by the parser, and that sha-256 fingerprints were added in
   the reply too (this needs a change in the RTP engine, of course, which by
   default generates sha-1 fingerprints);
   3. a couple of fixes to an incorrect SAVPF behaviour (the wrong crypto
   context was used);
   4. an ugly hack to force DTLS if it is disabled in the configuration,
   but you get a fingerprint in the SDP: I chose to do it this way as enabling
   it in the configuration forces DTLS for all calls, which I didn't want.

Hope that helps, let me know if you need any further help.

Lorenzo


2013/12/4 nitesh bansal <nitesh.bansal at gmail.com>

> Hi Lorenzo,
>
> Thanks for your response. Can you share your patch on chan_sip?
>
> Regards,
> Nitesh Bansal
>
>
> On Mon, Dec 2, 2013 at 4:09 PM, Lorenzo Miniero <lminiero at gmail.com> wrote:
>
>> 2013/12/2 Mark Michelson <mmichelson at digium.com>
>>
>>> On 12/02/2013 05:29 AM, nitesh bansal wrote:
>>>
>>>> Hello everybody,
>>>>
>>>> I want to set up a basic demo of WebRTC using Asterisk as WebServer and
>>>> SRTP-DTLS.
>>>> I got the demo set up using SRTP-DES with Chrome; Chrome is proposing
>>>> both DTLS and DES,
>>>> Asterisk responds with DES and the call is connected.
>>>> But I want Asterisk to propose DTLS also in its response. Can you
>>>> please tell me if Asterisk supports DTLS and, if yes, is there a wiki page
>>>> with the documentation?
>>>> I could not find any relevant wiki page.
>>>>
>>>> Regards,
>>>> Nitesh
>>>>
>>>>
>>> Asterisk supports DTLS. Your best bet for documentation at the moment is
>>> to look at configs/sip.conf.sample in Asterisk 11 and grep for "DTLS-SRTP
>>> CONFIGURATION". That will direct you to a section that explains the various
>>> DTLS-related configuration options for chan_sip.
>>>
>>> Mark Michelson
>>>
>>>
>>
>> Just as an additional cue point, you may also refer to the report I wrote
>> a few months ago on making DTLS work in my case. I don't know whether or
>> not some of those points eventually made it to the documentation, and some
>> of them may be obsolete (e.g., you definitely don't need the fake crypto
>> anymore), but they may be of help nonetheless:
>>
>> http://lists.digium.com/pipermail/asterisk-dev/2013-May/060435.html
>>
>> Lorenzo
>>
>>
>>
>>> --
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> asterisk-dev mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>>>
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dtls.patch
Type: text/x-patch
Size: 6671 bytes
Desc: not available
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20131204/70bcb36d/attachment-0001.bin>
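
Points 2 and 4 of the summary above, sketched as an added example (this is not code from the scrubbed dtls.patch or from Asterisk): a parser for the SDP `a=fingerprint` attribute that accepts both sha-1 and sha-256 and rejects digests whose length does not match the named hash, plus a helper that decides per call whether to enable DTLS from the presence of a fingerprint. All type and function names and the sample SDP are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical names for illustration; these are not Asterisk's own. */
struct sdp_fingerprint { const char *hash; unsigned char digest[32]; size_t len; };

static int hexval(int c) {
    return isdigit(c) ? c - '0' : isxdigit(c) ? tolower(c) - 'a' + 10 : -1;
}

/* Parse one "a=fingerprint:<hash> <HH:HH:...>" line: 0 on success, -1 on error. */
int parse_sdp_fingerprint(const char *line, struct sdp_fingerprint *out) {
    size_t want, i;
    if (strncmp(line, "a=fingerprint:", 14) != 0) return -1;
    line += 14;
    if (strncasecmp(line, "sha-256 ", 8) == 0) { out->hash = "sha-256"; want = 32; line += 8; }
    else if (strncasecmp(line, "sha-1 ", 6) == 0) { out->hash = "sha-1"; want = 20; line += 6; }
    else return -1;                             /* hash function not accepted */
    for (i = 0; i < want; i++, line += 2) {
        if (i && *line++ != ':') return -1;     /* bytes are colon-separated */
        int hi = hexval((unsigned char)line[0]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)line[1]);
        if (lo < 0) return -1;                  /* need exactly two hex digits */
        out->digest[i] = (unsigned char)((hi << 4) | lo);
    }
    if (*line && *line != '\r' && *line != '\n') return -1;  /* longer than the hash */
    out->len = want;
    return 0;
}

/* Scan an SDP body line by line; 1 when it carries a usable fingerprint. */
int sdp_offers_dtls(const char *sdp, struct sdp_fingerprint *out) {
    for (; sdp && *sdp; sdp = strchr(sdp, '\n'), sdp = sdp ? sdp + 1 : NULL)
        if (parse_sdp_fingerprint(sdp, out) == 0) return 1;
    return 0;
}
/* Constructed sample offer, not captured traffic. */
static const char SAMPLE_SDP[] = "v=0\r\nm=audio 5004 RTP/SAVPF 0\r\n"
    "a=fingerprint:sha-256 00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:"
    "10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F\r\n";

int main(void) {
    struct sdp_fingerprint fp;
    if (sdp_offers_dtls(SAMPLE_SDP, &fp))
        printf("fingerprint present, enable DTLS: %s, %zu bytes\n", fp.hash, fp.len);
    return 0;
}
```

Parsing the attribute only records what the peer announced; the digest still has to be compared with the hash of the certificate the peer presents in the DTLS handshake before the SRTP keys are trusted.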