res_pjsip: Add 'dtls_fingerprint' option to configure DTLS fingerprint hash.

During the latest update to DTLS-SRTP support the ability to configure the hash used for fingerprints was added. This gave us two supported ones: SHA-1 and SHA-256. The default was accordingly updated to SHA-256. Unfortunately this configuration ability was not exposed within res_pjsip. This change adds a dtls_fingerprint option that controls it. #SIPit31 ........ Merged revisions 424290 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 424291 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@424292 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-04 11:58:52 +00:00 · 2014-10-01 16:39:45 +00:00
parent 9233b1cf44
commit adba2a8d7f
3 changed files with 30 additions and 0 deletions
--- a/configs/samples/pjsip.conf.sample
+++ b/configs/samples/pjsip.conf.sample
@@ -610,6 +610,8 @@
                ; certificates (default: "")
 ;dtls_setup=    ; Whether we are willing to accept connections connect to the
                ; other party or both (default: "")
+;dtls_fingerprint= ; Hash to use for the fingerprint placed into SDP
+                   ; (default: "SHA-256")
 ;srtp_tag_32=no ; Determines whether 32 byte tags should be used instead of 80
                ; byte tags (default: "no")
 ;set_var=       ; Variable set on a channel involving the endpoint. For multiple
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -692,6 +692,19 @@
 						</enumlist>
 					</description>
 				</configOption>
+				<configOption name="dtls_fingerprint">
+					<synopsis>Type of hash to use for the DTLS fingerprint in the SDP.</synopsis>
+					<description>
+						<para>
+							This option only applies if <replaceable>media_encryption</replaceable> is
+							set to <literal>dtls</literal>.
+						</para>
+						<enumlist>
+							<enum name="SHA-256"></enum>
+							<enum name="SHA-1"></enum>
+						</enumlist>
+					</description>
+				</configOption>
 				<configOption name="srtp_tag_32">
 					<synopsis>Determines whether 32 byte tags should be used instead of 80 byte tags.</synopsis>
 					<description><para>
--- a/res/res_pjsip/pjsip_configuration.c
+++ b/res/res_pjsip/pjsip_configuration.c
@@ -726,6 +726,20 @@ static int dtlssetup_to_str(const void *obj, const intptr_t *args, char **buf)
 	return 0;
 }

+static const char *ast_rtp_dtls_fingerprint_map[] = {
+	[AST_RTP_DTLS_HASH_SHA256] = "SHA-256",
+	[AST_RTP_DTLS_HASH_SHA1] = "SHA-1",
+};
+
+static int dtlsfingerprint_to_str(const void *obj, const intptr_t *args, char **buf)
+{
+	const struct ast_sip_endpoint *endpoint = obj;
+	if (ARRAY_IN_BOUNDS(endpoint->media.rtp.dtls_cfg.hash, ast_rtp_dtls_fingerprint_map)) {
+		*buf = ast_strdup(ast_rtp_dtls_fingerprint_map[endpoint->media.rtp.dtls_cfg.hash]);
+	}
+	return 0;
+}
+
 static int t38udptl_ec_handler(const struct aco_option *opt,
 	struct ast_variable *var, void *obj)
 {
@@ -1738,6 +1752,7 @@ int ast_res_pjsip_initialize_configuration(const struct ast_module_info *ast_mod
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_file", "", dtls_handler, dtlscafile_to_str, NULL, 0, 0);
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_path", "", dtls_handler, dtlscapath_to_str, NULL, 0, 0);
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_setup", "", dtls_handler, dtlssetup_to_str, NULL, 0, 0);
+	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_fingerprint", "", dtls_handler, dtlsfingerprint_to_str, NULL, 0, 0);
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "srtp_tag_32", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.rtp.srtp_tag_32));
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "redirect_method", "user", redirect_handler, NULL, NULL, 0, 0);
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "set_var", "", set_var_handler, set_var_to_str, set_var_to_vl, 0, 0);