[asterisk-dev] WebRTC over SRTP-DTLS

Lorenzo Miniero lminiero at gmail.com
Wed Dec 11 05:46:53 CST 2013


Just FYI, I published the whole patch here:

https://issues.asterisk.org/jira/browse/ASTERISK-22961?focusedCommentId=212829&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-212829

As explained there, I didn't test it but it should work fine.

Lorenzo


2013/12/4 nitesh bansal <nitesh.bansal at gmail.com>

> Thanks Lorenzo for your patch, I will try to sort out my Asterisk 11.4 now.
> Have a good day.
>
> Regards,
> Nitesh
>
>
>
> On Wed, Dec 4, 2013 at 11:19 AM, Lorenzo Miniero <lminiero at gmail.com> wrote:
>
>> PS: I'm not sure attachments are allowed on the mailing list. If not,
>> feel free to contact me privately for the patch and more info.
>>
>> Lorenzo
>>
>>
>> 2013/12/4 Lorenzo Miniero <lminiero at gmail.com>
>>
>>> Hi Nitesh,
>>>
>>> my chan_sip is rather messy right now, as I changed several things due
>>> to other experiments as well. I tried to prepare a patch that only
>>> allegedly covers the DTLS experiments: just beware that it is for
>>> asterisk-11.1.2 and so you may need to tweak it a bit for your case.
>>> Anyway, what I did with respect to DTLS in chan_sip as you can see wasn't
>>> much (as I explained in that report, most of the SDP manipulation I did in
>>> my webapp), so just to summarize:
>>>
>>>    1. I moved the DTLS initialization after the RTCP stuff, for the
>>>    reasons explained in the report;
>>>    2. I made sure that sha-256 fingerprints (sent by Chrome and
>>>    Firefox) were accepted by the parser, and that sha-256 fingerprints were
>>>    added in the reply too (this needs a change in the RTP engine, of course,
>>>    which by default generates sha-1 fingerprints);
>>>    3. a couple of fixes to an incorrect SAVPF behaviour (the wrong
>>>    crypto context was used);
>>>    4. an ugly hack to force DTLS if it is disabled in the
>>>    configuration, but you get a fingerprint in the SDP: I chose to do it this
>>>    way as enabling it in the configuration forces DTLS for all calls, which I
>>>    didn't want.
>>>
>>> Hope that helps, let me know if you need any further help.
>>>
>>> Lorenzo
>>>
>>>
>>> 2013/12/4 nitesh bansal <nitesh.bansal at gmail.com>
>>>
>>>> Hi Lorenzo,
>>>>
>>>> Thanks for your response. Can you share your patch on chan_sip?
>>>>
>>>> Regards,
>>>> Nitesh Bansal
>>>>
>>>>
>>>> On Mon, Dec 2, 2013 at 4:09 PM, Lorenzo Miniero <lminiero at gmail.com> wrote:
>>>>
>>>>> 2013/12/2 Mark Michelson <mmichelson at digium.com>
>>>>>
>>>>>> On 12/02/2013 05:29 AM, nitesh bansal wrote:
>>>>>>
>>>>>>> Hello everybody,
>>>>>>>
>>>>>>> I want to set up a basic demo of WebRTC using Asterisk as WebServer
>>>>>>> and SRTP-DTLS.
>>>>>>> I got the demo set up using SRTP-DES with Chrome; Chrome is
>>>>>>> proposing both DTLS and DES,
>>>>>>> Asterisk responds with DES and the call is connected.
>>>>>>> But I want Asterisk to propose DTLS also in its response; can you
>>>>>>> please tell me if Asterisk supports DTLS and, if yes, is there a wiki page
>>>>>>> with the documentation?
>>>>>>> I could not find any relevant wiki page.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Nitesh
>>>>>>>
>>>>>>>
>>>>>> Asterisk supports DTLS. Your best bet for documentation at the moment
>>>>>> is to look at configs/sip.conf.sample in Asterisk 11 and grep for
>>>>>> "DTLS-SRTP CONFIGURATION". That will direct you to a section that explains
>>>>>> the various DTLS-related configuration options for chan_sip.
>>>>>>
>>>>>> Mark Michelson
>>>>>>
>>>>>>
>>>>>
>>>>> Just as an additional cue point, you may also refer to the report I
>>>>> wrote a few months ago on making DTLS work in my case. I don't know whether
>>>>> or not some of those points eventually made it to the documentation, and
>>>>> some of them may be obsolete (e.g., you definitely don't need the fake
>>>>> crypto anymore), but they may be of help nonetheless:
>>>>>
>>>>> http://lists.digium.com/pipermail/asterisk-dev/2013-May/060435.html
>>>>>
>>>>> Lorenzo
>>>>>
>>>>>
>>>>>
>>>>>> --
>>>>>> _____________________________________________________________________
>>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>>>
>>>>>> asterisk-dev mailing list
>>>>>> To UNSUBSCRIBE or update options visit:
>>>>>>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>>>>>>
>
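
Items 2 and 4 of the summary quoted above both depend on recognising an `a=fingerprint` line in the SDP offer. The C sketch below is an added example, not part of the thread and not code from the patch or from Asterisk: it accepts sha-1 and sha-256 fingerprints and rejects any digest whose length does not match the declared hash. All type and function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical names for this example; not Asterisk's types or functions. */
enum fp_hash { FP_NONE = 0, FP_SHA1 = 20, FP_SHA256 = 32 }; /* digest bytes */

/* Parse "a=fingerprint:<hash> <HH:HH:...>" at the start of line. Fills out[]
 * (at least 32 bytes) and returns the hash, or FP_NONE if absent/malformed. */
enum fp_hash parse_fingerprint(const char *line, unsigned char *out)
{
    enum fp_hash hash;
    unsigned int byte, i;
    if (strncmp(line, "a=fingerprint:", 14) != 0)
        return FP_NONE;
    line += 14;
    if (strncasecmp(line, "sha-256 ", 8) == 0) { hash = FP_SHA256; line += 8; }
    else if (strncasecmp(line, "sha-1 ", 6) == 0) { hash = FP_SHA1; line += 6; }
    else return FP_NONE;   /* unknown hash function: reject */
    for (i = 0; i < (unsigned int)hash; i++) {  /* exactly N colon-separated pairs */
        if (i > 0 && *line++ != ':')
            return FP_NONE;
        if (!isxdigit((unsigned char)line[0]) || !isxdigit((unsigned char)line[1]))
            return FP_NONE;
        sscanf(line, "%2x", &byte);
        out[i] = (unsigned char)byte;
        line += 2;
    }
    /* Extra data after the digest means its length does not match the hash. */
    return (*line == '\0' || *line == '\r' || *line == '\n') ? hash : FP_NONE;
}

/* Scan a whole SDP body; return the hash of the first valid fingerprint. */
enum fp_hash sdp_fingerprint(const char *sdp, unsigned char *out)
{
    enum fp_hash h;
    for (; sdp && *sdp; sdp = strchr(sdp, '\n'), sdp = sdp ? sdp + 1 : NULL)
        if ((h = parse_fingerprint(sdp, out)) != FP_NONE)
            return h;
    return FP_NONE;
}

int main(void)
{
    unsigned char fp[32];   /* sample line below is constructed */
    printf("%d\n", (int)parse_fingerprint("a=fingerprint:sha-1 00:11:22:33:44:55:"
        "66:77:88:99:AA:BB:CC:DD:EE:FF:01:23:45:67", fp));
    return 0;
}
```

A caller can treat a non-`FP_NONE` result from `sdp_fingerprint` as the signal that the peer expects DTLS-SRTP, and compare the parsed digest against the certificate presented in the DTLS handshake using the same hash function.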