kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-05 04:11:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Recorded merge of revisions 417677 from http://svn.asterisk.org/svn/asterisk/branches/11

Browse Source 
........
res_rtp_asterisk: Add SHA-256 support for DTLS and perform DTLS negotiation on RTCP.

This change fixes up DTLS support in res_rtp_asterisk so it can accept and provide
a SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after ICE negotiation
completes. Configuration options to chan_sip and chan_pjsip have also been added to
allow behavior to be tweaked (such as forcing the AVP type media transports in SDP).

ASTERISK-22961 #close
Reported by: Jay Jideliov

Review: https://reviewboard.asterisk.org/r/3679/
Review: https://reviewboard.asterisk.org/r/3686/
........

Merged revisions 417678 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417679 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Joshua Colp
2014-06-30 19:51:28 +00:00
parent 688bb204dc
commit 6e60f5d317
14 changed files with 549 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
main/rtp_engine.c
View File

@@ -1556,7 +1556,17 @@ int ast_rtp_dtls_cfg_parse(struct ast_rtp_dtls_cfg *dtls_cfg, const char *name,
if (!strcasecmp(name, "dtlsenable")) {
dtls_cfg->enabled = ast_true(value) ? 1 : 0;
} else if (!strcasecmp(name, "dtlsverify")) {
dtls_cfg->verify = ast_true(value) ? 1 : 0;
if (!strcasecmp(value, "yes")) {
dtls_cfg->verify = AST_RTP_DTLS_VERIFY_FINGERPRINT | AST_RTP_DTLS_VERIFY_CERTIFICATE;
} else if (!strcasecmp(value, "fingerprint")) {
dtls_cfg->verify = AST_RTP_DTLS_VERIFY_FINGERPRINT;
} else if (!strcasecmp(value, "certificate")) {
dtls_cfg->verify = AST_RTP_DTLS_VERIFY_CERTIFICATE;
} else if (!strcasecmp(value, "no")) {
dtls_cfg->verify = AST_RTP_DTLS_VERIFY_NONE;
} else {
return -1;
}
} else if (!strcasecmp(name, "dtlsrekey")) {
if (sscanf(value, "%30u", &dtls_cfg->rekey) != 1) {
return -1;
@@ -1584,6 +1594,12 @@ int ast_rtp_dtls_cfg_parse(struct ast_rtp_dtls_cfg *dtls_cfg, const char *name,
} else if (!strcasecmp(value, "actpass")) {
dtls_cfg->default_setup = AST_RTP_DTLS_SETUP_ACTPASS;
}
} else if (!strcasecmp(name, "dtlsfingerprint")) {
if (!strcasecmp(value, "sha-256")) {
dtls_cfg->hash = AST_RTP_DTLS_HASH_SHA256;
} else if (!strcasecmp(value, "sha-1")) {
dtls_cfg->hash = AST_RTP_DTLS_HASH_SHA1;
}
} else {
return -1;
}
@@ -1597,6 +1613,7 @@ void ast_rtp_dtls_cfg_copy(const struct ast_rtp_dtls_cfg *src_cfg, struct ast_rt
dst_cfg->verify = src_cfg->verify;
dst_cfg->rekey = src_cfg->rekey;
dst_cfg->suite = src_cfg->suite;
dst_cfg->hash = src_cfg->hash;
dst_cfg->certfile = ast_strdup(src_cfg->certfile);
dst_cfg->pvtfile = ast_strdup(src_cfg->pvtfile);
dst_cfg->cipher = ast_strdup(src_cfg->cipher);