res_pjsip_sdp_rtp: Reject offer of required SRTP without res_srtp.

When optimistic SRTP was on it was possible for us to still
set up a call without an audio stream if an offer was received
with required SRTP.

This change makes it so this scenario will now fail with a 488
response.

ASTERISK-26575

Change-Id: I7d14187037681f48879bd20319ac79d0877318f3

diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 6a8b43d720ebdd6eedc758af1df9713b85bdd5de..66550a2fde31ef442ae72ccf3a4649c84b0dad3b 100644 (file)
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -896,9 +896,11 @@ static int negotiate_incoming_sdp_stream(struct ast_sip_session *session, struct
 
        res = setup_media_encryption(session, session_media, sdp, stream);
        if (res) {
-               if (!session->endpoint->media.rtp.encryption_optimistic) {
+               if (!session->endpoint->media.rtp.encryption_optimistic ||
+                       !pj_strncmp2(&stream->desc.transport, "RTP/SAVP", 8)) {
                        /* If optimistic encryption is disabled and crypto should have been enabled
-                        * but was not this session must fail.
+                        * but was not this session must fail. This must also fail if crypto was
+                        * required in the offer but could not be set up.
                         */
                        return -1;
                }