[asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256

Nitesh Bansal nitesh.bansal at gmail.com
Mon Jan 27 09:17:41 CST 2014


Hello everyone,

Contining on the DTLS-SRTP, i need asterisk to be able to retry DTLS
handshake in case there is no response from the peer for the first
attempted handshake.
This is happening in case i use the media-proxy with asterisk, media-proxy
is sending DTLS data before completing the ICE handshake, so DTLS messages
are being
sent to an ICE candidate which is different from final selected ice
candidate. In this case, i would like asterisk to attempt the DTLS
handshake after a specific timeout?
Any pointers on how this can be done ( i can think of scheduling a timer) ?
P.S: With media-proxy, asterisk sees the de-iced SDP, media-proxy is
handling the ICE handshake on its own.

Regards,
Nitesh Bansal



On Fri, Jan 24, 2014 at 4:22 PM, Daniel Pocock <daniel at pocock.com.au> wrote:

>  On 24/01/14 10:59, Lorenzo Miniero wrote:
>
> Hi Daniel,
>
>  the "sha-2" error can be easily circumvented, and the dtlsverify=no
> needs an additional callback in the code to always return a success. Nitesh
> and I provided some patches here:
>
>  https://issues.asterisk.org/jira/browse/ASTERISK-22961
>
>  Mine was specifically targeted at getting Firefox to work, but I only
> tested incoming calls. I didn't test Nitesh's one, but apparently he
> managed to get it to work as well.
>
>
> Thanks for this, I've tested with it
>
> Two things were necessary for success with Firefox:
> a) I applied Nitish's patch to the latest 11.7 from Debian (it is on a
> branch dtls-srtp-patch), it builds on wheezy and appears to work
>
> http://anonscm.debian.org/gitweb/?p=pkg-voip/asterisk.git;a=shortlog;h=refs/heads/dtls-srtp-patch
> Anybody wanting to test can clone from there and then
>   dpkg-buildpackage -rfakeroot -i.git
> to build packages with the change.  This has not been uploaded in any
> official packages, I let the package maintainers decide if they want to
> support the patch.
>
> b) I had to work around the issue with the media descriptor protocol
> sub-field.  In JSCommunicator (using the branch "develop" from JsSIP), I
> look at the field in the outgoing and incoming INVITE and change it to/from
> the Asterisk format:
>
> https://github.com/opentelecoms-org/jscommunicator/commit/6980f8e1c3311c46154b3840d695f0ddc9c8c8ae
>
> It can now be tested with the links at http://www.sip5060.net/test-callsand/or from
> http://www.lumicall.org/drucall - both now appear to work from Firefox
> and it appears to maintain compatibility for calls between JSCommunicator
> users.
>
> However, I'd like to understand if I really should have the patch/hack in
> JSCommunicator at all - should Asterisk be willing to accept SDP specifying
> "RTP/SAVPF" alone?  If so, then I can cut out half the JSCommunicator patch.
>
>
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20140127/c7b95c12/attachment-0001.html>


More information about the asterisk-dev mailing list