[asterisk-dev] Enable dtls_cfg

jaflong jaflong jaflong at yandex.com
Fri Mar 28 07:42:56 CDT 2014 

Hi Joshua,

I did have this set

dtlsenable=yes
dtlsverify=no
dtlsrekey=60
dtlscertfile=/etc/asterisk/certs/asterisk.pem
dtlsprivatekey=/etc/asterisk/certs/asterisk.key
dtlscafile=/etc/asterisk/certs/asterisk.pem
dtlscipher=ALL
dtlssetup=actpass


Do you think the the SHA-256 issue was the cause of my error?
Thanks for pointing out the patch which I will test





28.03.2014, 16:29, "Joshua Colp" <jcolp at digium.com>:
> jaflong jaflong wrote:
>
>>  Hi
>>
>>  I am having problems using DTLS-SRTP and trying to debug why I am getting this error
>>  [Mar 26 14:48:23] WARNING[31977][C-00000009]: chan_sip.c:10657 process_sdp: Can't provide secure audio requested in SDP offer
>>
>>  In chan_sip.c
>>
>>  Tracing through the code, at this point the value of p->dtls_cfg.enabled is FALSE when run.
>>  Any tip on how to get p->dtls_cfg.enabled set to TRUE. It seems DTLS config is not getting initiated
>
> Have you enabled it in the configuration? It's controlled using dtlsenable.
>
>>  static int process_sdp_a_dtls(const char *a, struct sip_pvt *p, struct ast_rtp_instance *instance)
>>  {
>>           struct ast_rtp_engine_dtls *dtls;
>>           int found = FALSE;
>>           char value[256], hash[6];
>>
>>           if (!instance || !p->dtls_cfg.enabled || !(dtls = ast_rtp_instance_get_dtls(instance))) {
>>                   return found;
>>           }
>>
>>  By the way what is the minimum version required of openssl to use DTLS-SRTP.
>>  At present I have 1.01e-fips (cento 6.5)
>
> DTLS-SRTP suppor was added to OpenSSL in version 1.0.1, so it should be
> fine.
>
> Asterisk also does not support SHA-256 currently without using the patch
> available at https://issues.asterisk.org/jira/browse/ASTERISK-22961
>
> --
> Joshua Colp
> Digium, Inc. | Senior Software Developer
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - US
> Check us out at: www.digium.com & www.asterisk.org
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list