FS-7839: [webrtc] Fix interop with firefox > 38 to work with new EC dtls requirements
authorMichael Jerris <mike@jerris.com>
Fri, 24 Jul 2015 20:21:49 +0000 (15:21 -0500)
committerMichael Jerris <mike@jerris.com>
Tue, 25 Aug 2015 19:47:59 +0000 (14:47 -0500)
src/switch_rtp.c

index 0416d153d3175f9fda367ce3f412a70e2547fcdc..dc7c77cbebd2d45ef3cfee2b09bff94ee360b822 100644 (file)
@@ -3077,6 +3077,7 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
        const char *kind = "";
        BIO *bio;
        DH *dh;
+       EC_KEY* ecdh;
 
 #ifndef HAVE_OPENSSL_DTLS_SRTP
        return SWITCH_STATUS_FALSE;
@@ -3183,6 +3184,15 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
        SSL_set_mode(dtls->ssl, SSL_MODE_AUTO_RETRY);
        SSL_set_read_ahead(dtls->ssl, 1);
        //SSL_set_verify(dtls->ssl, (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), cb_verify_peer);
+
+       ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+       if (!ecdh) {
+               return SWITCH_STATUS_FALSE;
+       }
+       SSL_set_options(dtls->ssl, SSL_OP_SINGLE_ECDH_USE);
+       SSL_set_tmp_ecdh(dtls->ssl, ecdh);
+       EC_KEY_free(ecdh);
+
        SSL_set_verify(dtls->ssl, SSL_VERIFY_NONE, NULL);
        SSL_set_app_data(dtls->ssl, dtls);
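Review bot: The `return SWITCH_STATUS_FALSE;` taken when `EC_KEY_new_by_curve_name()` fails exits after `dtls->ssl` has already been created and configured, so anything set up earlier in switch_rtp_add_dtls (outside this hunk) is presumably not released on this path; it should go through whatever teardown the function's other failure paths use, with a log line naming the cause. The return value of `SSL_set_tmp_ecdh()` is also dropped, so a failure to install the P-256 key would surface only later as a handshake failure against peers that require ECDHE suites; checking it, e.g. `if (SSL_set_tmp_ecdh(dtls->ssl, ecdh) != 1) { /* log and fail */ }`, makes that visible at setup time. A short comment above the block saying that the curve is fixed to prime256v1 and that `SSL_OP_SINGLE_ECDH_USE` forces a fresh ephemeral key per handshake would help the next reader. The function body starts and ends outside the hunk.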