[asterisk-dev] pjsip asterisk 13.24: sips / srtp and Deutsche Telekom doesn't work because of missing mediasec parameters

Michael Maier m1278468 at mailbox.org
Mon Sep 16 12:18:54 CDT 2019


On 02.09.19 at 19:03 Michael Maier wrote:
> On 30.05.19 at 10:24 Michael Maier wrote:
>> Hello!
>>
>> I wrote some code, which adds basic media encryption support to be used with Deutsche Telekom. The attached patch is based on Asterisk 16.3
>> and works for me :-) - not fully tested yet. If you want to use it, you have to enable media_encryption=sdes for the extension (and
>> transport tls and tls1.2). Use at your own risk!
>>
>>
>> The current patch lacks a basic mediasec option, which prevents adding the mediasec headers to each *initial* REGISTER or to each INVITE (if
>> sdes is activated). As of today, I don't know how to solve this problem without too many changes.
>> Anyway: It looks like the additional HEADERs seem not to disrupt other ISPs (tested with one other ISP). This option should be accessible in
>> rtp, session and register environment. Maybe there is a possibility to exchange data between register, session and rtp environment. This way, it
>> would be possible to dynamically set mediasec in session and rtp based on the result of the initial register. It would be necessary at the
>> same time, to dynamically disable sdes encryption if activation of mediasec didn't succeed.
>>
>> One more open point is the check for the 3 headers using the same name (Security-Server and Security-Verify). How can they be checked
>> regarding order? Is there a function to get each value of the same header? Maybe based on an array index? This way it would be possible to
>> create the Security-Verify headers dynamically based on the 494 or 401 response.
>>
>> The UPDATE package (used as a watchdog circuit during a call each 15 minutes) seems not to be affected - I couldn't find any problem at this
>> point.
> 
> 
Attached is a new version of the mediasec patch. The following items changed:

The patch now also contains mediasec on re-INVITEs initiated by ourselves.



Regards
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mediasec24.patch
Type: text/x-patch
Size: 7978 bytes
Desc: not available
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20190916/a65c9efa/attachment-0001.bin>
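
The open point quoted above (several Security-Server headers with the same name in a 401/494 response, to be echoed in order as Security-Verify) can be illustrated with the following added example, which is not part of the attached patch or of Asterisk/PJSIP. It works on raw message text; the helper name build_security_verify and the sample response with its mechanism values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample 401 response; the mechanism values are illustrative. */
static const char sample_401[] =
    "SIP/2.0 401 Unauthorized\r\n"
    "Security-Server: msrp-tls;mediasec\r\n"
    "Security-Server: sdes-srtp;mediasec\r\n"
    "Security-Server: dtls-srtp;mediasec\r\n"
    "Content-Length: 0\r\n"
    "\r\n";

/* Hypothetical helper: copy every Security-Server value, in wire order, into
 * Security-Verify lines. Returns the header count, or -1 if out is too small. */
int build_security_verify(const char *msg, char *out, size_t outlen)
{
    static const char name[] = "Security-Server:";
    size_t nlen = sizeof(name) - 1, used = 0;
    int count = 0;

    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*msg) {
        const char *eol = strstr(msg, "\r\n");
        size_t len = eol ? (size_t)(eol - msg) : strlen(msg);
        if (len == 0) break;                 /* blank line ends the headers */
        if (len >= nlen && strncasecmp(msg, name, nlen) == 0) {
            const char *val = msg + nlen;
            size_t vlen = len - nlen;
            while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
            int n = snprintf(out + used, outlen - used,
                             "Security-Verify: %.*s\r\n", (int)vlen, val);
            if (n < 0 || (size_t)n >= outlen - used)
                return -1;                   /* refuse to emit a truncated list */
            used += (size_t)n;
            count++;
        }
        if (!eol) break;
        msg = eol + 2;
    }
    return count;
}

int main(void) {
    char buf[256];
    if (build_security_verify(sample_401, buf, sizeof buf) > 0) fputs(buf, stdout);
    return 0;
}
```

The example does not unfold continuation lines or split a comma-separated list; a single header carrying several mechanisms is copied verbatim, which still preserves their order.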
