res_rtp_asterisk: Don't send RTP before DTLS has negotiated. 21
authorBen Ford <bford@sangoma.com>
Mon, 4 Aug 2025 17:22:12 +0000 (12:22 -0500)
committerBen Ford <bford@sangoma.com>
Thu, 14 Aug 2025 15:22:18 +0000 (15:22 +0000)
There was no check in __rtp_sendto that prevented Asterisk from sending
RTP before DTLS had finished negotiating. This patch adds logic to do
so.

Fixes: #1260
res/res_rtp_asterisk.c

index b94a0fb40ede58b72e6ff3c135f9cdda115e20b5..40f20f1509760d9716c94ea00607c466129a007b 100644 (file)
@@ -3451,6 +3451,16 @@ static int __rtp_sendto(struct ast_rtp_instance *instance, void *buf, size_t siz
        struct ast_rtp *transport_rtp = ast_rtp_instance_get_data(transport);
        struct ast_srtp *srtp = ast_rtp_instance_get_srtp(transport, rtcp);
        int res;
+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP)
+       char *out = buf;
+       struct dtls_details *dtls = !rtcp ? &rtp->dtls : &rtp->rtcp->dtls;
+
+       /* Don't send RTP if DTLS hasn't finished yet */
+       if (dtls->ssl && ((*out < 20) || (*out > 63)) && dtls->connection == AST_RTP_DTLS_CONNECTION_NEW) {
+               *via_ice = 0;
+               return 0;
+       }
+#endif
 
        *via_ice = 0;
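Review bot: The added guard takes its DTLS state from `rtp`, while the two context lines just above resolve `transport_rtp` and `srtp` from `transport`. If `rtp` is the instance's own data (its declaration is outside the hunk) and the handshake runs on a different transport instance, as with bundled streams, `dtls->ssl` may be NULL here, so the check is skipped and media can still leave before that handshake completes. Consider `struct dtls_details *dtls = !rtcp ? &transport_rtp->dtls : &transport_rtp->rtcp->dtls;`, and confirm that a set `rtcp` flag always implies a non-NULL `->rtcp` with its own DTLS context, which may not hold when RTCP is multiplexed onto the RTP transport. The first-byte test also reads `*out` without consulting `size` and through a plain `char`, whose signedness is implementation-defined; `const unsigned char *out = buf;` together with `size > 0 &&` in the condition would make the 20..63 range check explicit. The body of __rtp_sendto starts before and continues after this hunk, so how callers treat the silent `return 0` cannot be judged from here.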