kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-31 02:37:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

pjsip_configuration.c: Disable DTLS renegotiation if WebRTC is enabled.

Browse Source 
Per RFC8827:

    Implementations MUST NOT implement DTLS renegotiation and MUST
    reject it with a "no_renegotiation" alert if offered.

So we disable it when webrtc=yes is set.

Fixes #378

UpgradeNote: The dtls_rekey will be disabled if webrtc support is
requested on an endpoint. A warning will also be emitted.

(cherry picked from commit 0f06787469)
This commit is contained in:
Sean Bright
2023-10-23 15:53:08 -04:00
committed by Asterisk Development Team
parent 8ade68ee1d
commit ad64862b4b
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
res/res_pjsip/pjsip_configuration.c
View File

@@ -1589,6 +1589,13 @@ static int sip_endpoint_apply_handler(const struct ast_sorcery *sorcery, void *o
endpoint->media.rtp.dtls_cfg.default_setup = AST_RTP_DTLS_SETUP_ACTPASS;
endpoint->media.rtp.dtls_cfg.verify = AST_RTP_DTLS_VERIFY_FINGERPRINT;
/* RFC8827 says: Implementations MUST NOT implement DTLS renegotiation
* and MUST reject it with a "no_renegotiation" alert if offered. */
if (endpoint->media.rtp.dtls_cfg.rekey) {
ast_log(LOG_WARNING, "DTLS renegotiation is not supported with WebRTC. Disabling dtls_rekey.\n");
endpoint->media.rtp.dtls_cfg.rekey = 0;
}
if (ast_strlen_zero(endpoint->media.rtp.dtls_cfg.certfile)) {
/* If no certificate has been specified, try to automatically create one */
endpoint->media.rtp.dtls_cfg.ephemeral_cert = 1;