[asterisk-dev] WebRTC over SRTP-DTLS

nitesh bansal nitesh.bansal at gmail.com
Wed Dec 4 08:35:48 CST 2013 

Thanks Lorenzo for your patch, i will try to sort out my Asterisk 11.4 now.
Have a good day.

Regards,
Nitesh



On Wed, Dec 4, 2013 at 11:19 AM, Lorenzo Miniero <lminiero at gmail.com> wrote:

> PS: I'm not sure attachments are allowed on the mailing list. If not, feel
> free to contact me privately for the patch and more info.
>
> Lorenzo
>
>
> 2013/12/4 Lorenzo Miniero <lminiero at gmail.com>
>
>> Hi Nitesh,
>>
>> my chan_sip is rather messy right now, as I changed several things due to
>> other experiments as well. I tried to prepare a patch that only allegedly
>> covers the DTLS experiments: just beware that it is for asterisk-11.1.2 and
>> so you may need to tweak it a bit for your case. Anyway, what I did with
>> respect to DTLS in chan_sip as you can see wasn't much (as I explained in
>> that report, most of the SDP manipulation I did in my webapp), so just to
>> summarize:
>>
>>    1. I moved the DTLS initialization after the RTCP stuff, for the
>>    reasons explained in the report;
>>    2. I made sure that sha-256 fingerprints (sent by Chrome and Firefox)
>>    were accepted by the parser, and that sha-256 fingerprints were added in
>>    the reply too (this needs a change in the RTP engine, of course, which by
>>    default generates sha-1 fingerprints);
>>    3. a couple of fixes to an incorrect SAVPF behaviour (the wrong
>>    crypto context was used);
>>    4. an ugly hack to force DTLS if it is disabled in the configuration,
>>    but you get a fingerprint in the SDP: I chose to do it this way as enabling
>>    it in the configuration forces DTLS for all calls, which I didn't want.
>>
>> Hope that helps, let me know if you need any further help.
>>
>> Lorenzo
>>
>>
>> 2013/12/4 nitesh bansal <nitesh.bansal at gmail.com>
>>
>>> Hi Lorenzo,
>>>
>>> Thanks for your response. Can you share your patch on chan_sip.
>>>
>>> Regards,
>>> Nitesh Bansal
>>>
>>>
>>> On Mon, Dec 2, 2013 at 4:09 PM, Lorenzo Miniero <lminiero at gmail.com>wrote:
>>>
>>>> 2013/12/2 Mark Michelson <mmichelson at digium.com>
>>>>
>>>>> On 12/02/2013 05:29 AM, nitesh bansal wrote:
>>>>>
>>>>>> Hello everybody,
>>>>>>
>>>>>> I want to setup a basic Demo of WebRTC using Asterisk as WebServer
>>>>>> and SRTP-DTLS.
>>>>>> I got the demo setup using SRTP-DES with chrome, chrome is porpoising
>>>>>> both DTLS and DES,
>>>>>> Asterisk responds with DES abd call is connected.
>>>>>> But i want asterisk to propose DTLS also in its response, can you
>>>>>> please tell me if asterisk supports DTLS and if yes, is there a wiki page
>>>>>> with the documentation?
>>>>>> I could not find any relevant wikipage.
>>>>>>
>>>>>> Regards,
>>>>>> Nitesh
>>>>>>
>>>>>>
>>>>> Asterisk supports DTLS. Your best bet for documentation at the moment
>>>>> is to look at configs/sip.conf.sample in Asterisk 11 and grep for
>>>>> "DTLS-SRTP CONFIGURATION". That will direct you to a section that explains
>>>>> the various DTLS-related configuration options for chan_sip.
>>>>>
>>>>> Mark Michelson
>>>>>
>>>>>
>>>>
>>>> Just as an additional cue point, you may also refer to the report I
>>>> wrote a few months ago on making DTLS work in my case. I don't know whether
>>>> or not some of those points eventually made it to the documentation, and
>>>> some of them may be obsolete (e.g., you definitely don't need the fake
>>>> crypto anymore), but they may be oh help nonetheless:
>>>>
>>>> http://lists.digium.com/pipermail/asterisk-dev/2013-May/060435.html
>>>>
>>>> Lorenzo
>>>>
>>>>
>>>>
>>>>> --
>>>>> _____________________________________________________________________
>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>>
>>>>> asterisk-dev mailing list
>>>>> To UNSUBSCRIBE or update options visit:
>>>>>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>>>>>
>>>>
>>>>
>>>> --
>>>> _____________________________________________________________________
>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>
>>>> asterisk-dev mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>>>>
>>>
>>>
>>> --
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> asterisk-dev mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>>>
>>
>>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20131204/1614b56f/attachment.html>

More information about the asterisk-dev mailing list