From: Joshua Colp
Date: Wed, 1 Oct 2014 16:35:02 +0000 (+0000)
Subject: res_pjsip: Add 'dtls_fingerprint' option to configure DTLS fingerprint hash.
X-Git-Tag: 12.7.0-rc1~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6f8d1f38ac15c19b1f38ce34ae4dcb989bb72e1;p=thirdparty%2Fasterisk.git
res_pjsip: Add 'dtls_fingerprint' option to configure DTLS fingerprint hash.
During the latest update to DTLS-SRTP support the ability to configure the hash used for fingerprints was added. This gave us two supported ones: SHA-1 and SHA-256. The default was accordingly updated to SHA-256. Unfortunately this configuration ability was not exposed within res_pjsip. This change adds a dtls_fingerprint option that controls it. #SIPit31
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@424290 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
diff --git a/configs/pjsip.conf.sample b/configs/pjsip.conf.sample
index 2a09c77d99..81a6cbb792 100644
--- a/configs/pjsip.conf.sample
+++ b/configs/pjsip.conf.sample
@@ -562,6 +562,8 @@
 ; certificates (default: "")
 ;dtls_setup= ; Whether we are willing to accept connections connect to the
 ; other party or both (default: "")
+;dtls_fingerprint= ; Hash to use for the fingerprint placed into SDP
+ ; (default: "SHA-256")
 ;srtp_tag_32=no ; Determines whether 32 byte tags should be used instead of 80
 ; byte tags (default: "no")
 ;set_var= ; Variable set on a channel involving the endpoint. For multiple
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index eb52986167..ce102b9a1d 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -692,6 +692,19 @@
+
+ Type of hash to use for the DTLS fingerprint in the SDP.
+
+
+ This option only applies if media_encryption is
+ set to dtls.
+
+
+
+
+
+
+
 Determines whether 32 byte tags should be used instead of 80 byte tags.
diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c
index fc383f291b..4b19ec6124 100644
--- a/res/res_pjsip/pjsip_configuration.c
+++ b/res/res_pjsip/pjsip_configuration.c
@@ -731,6 +731,20 @@ static int dtlssetup_to_str(const void *obj, const intptr_t *args, char **buf)
 return 0;
 }
+static const char *ast_rtp_dtls_fingerprint_map[] = {
+ [AST_RTP_DTLS_HASH_SHA256] = "SHA-256",
+ [AST_RTP_DTLS_HASH_SHA1] = "SHA-1",
+};
+
+static int dtlsfingerprint_to_str(const void *obj, const intptr_t *args, char **buf)
+{
+ const struct ast_sip_endpoint *endpoint = obj;
+ if (ARRAY_IN_BOUNDS(endpoint->media.rtp.dtls_cfg.hash, ast_rtp_dtls_fingerprint_map)) {
+ *buf = ast_strdup(ast_rtp_dtls_fingerprint_map[endpoint->media.rtp.dtls_cfg.hash]);
+ }
+ return 0;
+}
+
 static int t38udptl_ec_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
 {
@@ -1743,6 +1757,7 @@ int ast_res_pjsip_initialize_configuration(const struct ast_module_info *ast_mod
 ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_file", "", dtls_handler, dtlscafile_to_str, NULL, 0, 0);
 ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_path", "", dtls_handler, dtlscapath_to_str, NULL, 0, 0);
 ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_setup", "", dtls_handler, dtlssetup_to_str, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_fingerprint", "", dtls_handler, dtlsfingerprint_to_str, NULL, 0, 0);
 ast_sorcery_object_field_register(sip_sorcery, "endpoint", "srtp_tag_32", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.rtp.srtp_tag_32));
 ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "redirect_method", "user", redirect_handler, NULL, NULL, 0, 0);
 ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "set_var", "", set_var_handler, set_var_to_str, set_var_to_vl, 0, 0);
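Review bot: `dtlsfingerprint_to_str` returns 0 on every path, including when `dtls_cfg.hash` is out of bounds for `ast_rtp_dtls_fingerprint_map` (so `*buf` is never assigned) and when `ast_strdup` returns NULL. How callers treat a success return with an unset `*buf` is not visible in this hunk, so I would make the failure explicit by ending the function with `return *buf ? 0 : -1;` after initialising `*buf = NULL;` at the top, unless the sibling `*_to_str` handlers deliberately always return 0. The map is built with designated initializers, so a future enum value without an entry would pass the bounds check and hand a NULL slot to `ast_strdup`; a one-line comment above the map, `/* every AST_RTP_DTLS_HASH_* value must have an entry here */`, would record that requirement.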
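Review bot: The new `dtls_fingerprint` field is registered with an empty default (`""`) although the sample config and the commit message describe the default as SHA-256, so the effective default comes from wherever `dtls_cfg.hash` is initialised rather than from this line. `dtls_handler` lies outside the hunk, so it is not visible whether it recognises the new option name or whether an unrecognised value (a constructed example: `SHA256` without the hyphen) is rejected or silently ignored; for a setting that selects the hash binding the DTLS certificate to the SDP, a bad value should fail the load rather than fall through. I would add a comment on this line, `/* "" keeps dtls_cfg.hash at its initial value (SHA-256); accepted values: SHA-1, SHA-256 */`, and confirm the handler returns an error for anything else. The registration sits inside ast_res_pjsip_initialize_configuration, which starts and ends outside the hunk.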