From: Joshua Colp Date: Thu, 29 Jan 2015 12:08:39 +0000 (+0000) Subject: res_rtp_asterisk: Fix DTLS when used with OpenSSL 1.0.1k X-Git-Tag: 11.16.0-rc1~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9fe6588349832ff1d43d717f48f490f1fa55d9ec;p=thirdparty%2Fasterisk.git res_rtp_asterisk: Fix DTLS when used with OpenSSL 1.0.1k A recent security fix for OpenSSL broke DTLS negotiation for many applications. This was caused by read ahead not being enabled when it should be. While a commit has gone into OpenSSL to force read ahead on for DTLS it may take some time for a release to be made and the change to be present in distributions (if at all). As enabling read ahead is a simple one line change this commit does that and fixes the issue. ASTERISK-24711 #close Reported by: Jared Biel git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431384 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c index fc0f9d9ba6..079ba2ede6 100644 --- a/res/res_rtp_asterisk.c +++ b/res/res_rtp_asterisk.c @@ -1263,6 +1263,8 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con return -1; } + SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1); + rtp->dtls_verify = dtls_cfg->verify; SSL_CTX_set_verify(rtp->ssl_ctx, (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_FINGERPRINT) || (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_CERTIFICATE) ?
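Review bot: The added SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1) call in ast_rtp_dtls_set_configuration() carries no comment, so nothing in the source says it is a workaround for the DTLS negotiation breakage with OpenSSL 1.0.1k that the commit message describes. A one-line comment above the call naming that OpenSSL version and ASTERISK-24711 would keep a later cleanup from dropping it as an unexplained setting. It would also record that the call becomes redundant once an OpenSSL release forces read ahead on for DTLS itself.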