FS-7425: set dh params and call set_tmp_dh to enable PFS for DTLS-SRTP
authorEric Tamme <etamme@gmail.com>
Fri, 24 Apr 2015 15:31:03 +0000 (10:31 -0500)
committerBrian <brian@freeswitch.org>
Fri, 24 Apr 2015 15:31:17 +0000 (10:31 -0500)
src/switch_rtp.c

index 2d2525c3e751549ce42662c7ecbabcf9d30e5540..a3f2e2e95ccb9bd5262298edd1d4d8e3bfbba132 100644 (file)
@@ -3075,6 +3075,8 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
        switch_dtls_t *dtls;
        int ret;
        const char *kind = "";
+       BIO *bio;
+       DH *dh;
 
 #ifndef HAVE_OPENSSL_DTLS_SRTP
        return SWITCH_STATUS_FALSE;
@@ -3122,6 +3124,12 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
        dtls->ssl_ctx = SSL_CTX_new(DTLSv1_method());
        switch_assert(dtls->ssl_ctx);
 
+       bio = BIO_new_file(dtls->pem, "r");
+       dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+       BIO_free(bio);
+       SSL_CTX_set_tmp_dh(dtls->ssl_ctx, dh);
+       DH_free(dh);
+
        SSL_CTX_set_mode(dtls->ssl_ctx, SSL_MODE_AUTO_RETRY);
 
        //SSL_CTX_set_verify(dtls->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
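Review bot: None of the three calls added on lines 3127-3130 is checked, so if `dtls->pem` cannot be opened or carries no DH PARAMETERS block, `dh` is NULL and `SSL_CTX_set_tmp_dh(dtls->ssl_ctx, NULL)` fails silently — the context comes up without ephemeral DH and the PFS this commit intends to add is quietly absent, with nothing in the log to show it. `DH *dh;` from the first hunk should also be initialised to NULL so the `BIO_new_file()` failure path does not free an indeterminate pointer. I would guard the read and log the failure as below (switch_log_printf is the file's usual logging call); SSL_CTX_set_tmp_dh copies the parameters, so the trailing `DH_free(dh)` stays correct. switch_rtp_add_dtls starts and ends outside this hunk.
```c
bio = BIO_new_file(dtls->pem, "r");
if (bio) {
	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
	BIO_free(bio);
}
if (!dh || SSL_CTX_set_tmp_dh(dtls->ssl_ctx, dh) != 1) {
	switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Could not load DH params from %s; PFS not enabled for DTLS\n", dtls->pem);
}
DH_free(dh);
/* … unchanged: SSL_CTX_set_mode … */
```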