FS-7839: attempt to work with new EC dtls requirements for firefox >38

author Michael Jerris <mike@jerris.com>

Fri, 24 Jul 2015 20:21:49 +0000 (15:21 -0500)

committer Michael Jerris <mike@jerris.com>

Fri, 24 Jul 2015 20:22:21 +0000 (15:22 -0500)
author Michael Jerris <mike@jerris.com>
Fri, 24 Jul 2015 20:21:49 +0000 (15:21 -0500)
committer Michael Jerris <mike@jerris.com>
Fri, 24 Jul 2015 20:22:21 +0000 (15:22 -0500)
diff --git a/src/switch_rtp.c b/src/switch_rtp.c

index 3da9b91f2495c26446ce8179c7a6b473e1496584..9e427dc821ff0f7146c52ba1092305129c4a89b5 100644 (file)
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3187,6 +3187,7 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
         const char *kind = "";
         BIO *bio;
         DH *dh;
+       EC_KEY* ecdh;
  
  #ifndef HAVE_OPENSSL_DTLS_SRTP
         return SWITCH_STATUS_FALSE;
@@ -3293,6 +3294,15 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
         SSL_set_mode(dtls->ssl, SSL_MODE_AUTO_RETRY);
         SSL_set_read_ahead(dtls->ssl, 1);
         //SSL_set_verify(dtls->ssl, (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), cb_verify_peer);
+
+       ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+       if (!ecdh) {
+               return SWITCH_STATUS_FALSE;
+       }
+       SSL_set_options(dtls->ssl, SSL_OP_SINGLE_ECDH_USE);
+       SSL_set_tmp_ecdh(dtls->ssl, ecdh);
+       EC_KEY_free(ecdh);
+
         SSL_set_verify(dtls->ssl, SSL_VERIFY_NONE, NULL);
         SSL_set_app_data(dtls->ssl, dtls);
author	Michael Jerris <mike@jerris.com>
	Fri, 24 Jul 2015 20:21:49 +0000 (15:21 -0500)
committer	Michael Jerris <mike@jerris.com>
	Fri, 24 Jul 2015 20:22:21 +0000 (15:22 -0500)