res_pjsip_sdp_rtp: Reject offer of required SRTP without res_srtp.

When optimistic SRTP was on it was possible for us to still
set up a call without an audio stream if an offer was received
with required SRTP.

This change makes it so this scenario will now fail with a 488
response.

ASTERISK-26575

Change-Id: I7d14187037681f48879bd20319ac79d0877318f3

diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index d8b94df9f1a04291ba1977ce5d36e3ea5d468d1e..24d852c6ce6ec15580f5fec34c2b94c87c388aa9 100644 (file)
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -906,9 +906,11 @@ static int negotiate_incoming_sdp_stream(struct ast_sip_session *session, struct
 
        res = setup_media_encryption(session, session_media, sdp, stream);
        if (res) {
-               if (!session->endpoint->media.rtp.encryption_optimistic) {
+               if (!session->endpoint->media.rtp.encryption_optimistic ||
+                       !pj_strncmp2(&stream->desc.transport, "RTP/SAVP", 8)) {
                        /* If optimistic encryption is disabled and crypto should have been enabled
-                        * but was not this session must fail.
+                        * but was not this session must fail. This must also fail if crypto was
+                        * required in the offer but could not be set up.
                         */
                        return -1;
                }