[asterisk-dev] WebRTC over SRTP-DTLS

Lorenzo Miniero lminiero at gmail.com
Wed Dec 4 04:19:21 CST 2013 

PS: I'm not sure attachments are allowed on the mailing list. If not, feel
free to contact me privately for the patch and more info.

Lorenzo


2013/12/4 Lorenzo Miniero <lminiero at gmail.com>

> Hi Nitesh,
>
> my chan_sip is rather messy right now, as I changed several things due to
> other experiments as well. I tried to prepare a patch that only allegedly
> covers the DTLS experiments: just beware that it is for asterisk-11.1.2 and
> so you may need to tweak it a bit for your case. Anyway, what I did with
> respect to DTLS in chan_sip as you can see wasn't much (as I explained in
> that report, most of the SDP manipulation I did in my webapp), so just to
> summarize:
>
>    1. I moved the DTLS initialization after the RTCP stuff, for the
>    reasons explained in the report;
>    2. I made sure that sha-256 fingerprints (sent by Chrome and Firefox)
>    were accepted by the parser, and that sha-256 fingerprints were added in
>    the reply too (this needs a change in the RTP engine, of course, which by
>    default generates sha-1 fingerprints);
>    3. a couple of fixes to an incorrect SAVPF behaviour (the wrong crypto
>    context was used);
>    4. an ugly hack to force DTLS if it is disabled in the configuration,
>    but you get a fingerprint in the SDP: I chose to do it this way as enabling
>    it in the configuration forces DTLS for all calls, which I didn't want.
>
> Hope that helps, let me know if you need any further help.
>
> Lorenzo
>
>
> 2013/12/4 nitesh bansal <nitesh.bansal at gmail.com>
>
>> Hi Lorenzo,
>>
>> Thanks for your response. Can you share your patch on chan_sip.
>>
>> Regards,
>> Nitesh Bansal
>>
>>
>> On Mon, Dec 2, 2013 at 4:09 PM, Lorenzo Miniero <lminiero at gmail.com>wrote:
>>
>>> 2013/12/2 Mark Michelson <mmichelson at digium.com>
>>>
>>>> On 12/02/2013 05:29 AM, nitesh bansal wrote:
>>>>
>>>>> Hello everybody,
>>>>>
>>>>> I want to setup a basic Demo of WebRTC using Asterisk as WebServer and
>>>>> SRTP-DTLS.
>>>>> I got the demo setup using SRTP-DES with chrome, chrome is porpoising
>>>>> both DTLS and DES,
>>>>> Asterisk responds with DES abd call is connected.
>>>>> But i want asterisk to propose DTLS also in its response, can you
>>>>> please tell me if asterisk supports DTLS and if yes, is there a wiki page
>>>>> with the documentation?
>>>>> I could not find any relevant wikipage.
>>>>>
>>>>> Regards,
>>>>> Nitesh
>>>>>
>>>>>
>>>> Asterisk supports DTLS. Your best bet for documentation at the moment
>>>> is to look at configs/sip.conf.sample in Asterisk 11 and grep for
>>>> "DTLS-SRTP CONFIGURATION". That will direct you to a section that explains
>>>> the various DTLS-related configuration options for chan_sip.
>>>>
>>>> Mark Michelson
>>>>
>>>>
>>>
>>> Just as an additional cue point, you may also refer to the report I
>>> wrote a few months ago on making DTLS work in my case. I don't know whether
>>> or not some of those points eventually made it to the documentation, and
>>> some of them may be obsolete (e.g., you definitely don't need the fake
>>> crypto anymore), but they may be oh help nonetheless:
>>>
>>> http://lists.digium.com/pipermail/asterisk-dev/2013-May/060435.html
>>>
>>> Lorenzo
>>>
>>>
>>>
>>>> --
>>>> _____________________________________________________________________
>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>
>>>> asterisk-dev mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>>>>
>>>
>>>
>>> --
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> asterisk-dev mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>>>
>>
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> asterisk-dev mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20131204/aaf2b6cb/attachment.html>

More information about the asterisk-dev mailing list