git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Walter Doekes <walter+github@wjd.nu>
	Tue, 6 Sep 2016 07:41:06 +0000 (09:41 +0200)
committer	Walter Doekes <walter+asterisk@wjd.nu>
	Tue, 6 Sep 2016 07:56:22 +0000 (02:56 -0500)
commit	d04ae7d1d81ee157bea1295b2316e278c951d877
tree	1ae80b6f55a04a2242bebb22731a6f1e8e796a35	tree
parent	9470848fba269f9f8f8fc763b05e72efab6d7b70	commit \| diff

chan_sip: Don't refuse calls with "optional crypto"; fall back to RTP.

Certain SNOM phones send so-called "optional crypto" in their SDP body.
Regular SRTP setup looks like this:

    m=audio 64620 RTP/SAVP 8 0 9 99 3 18 4 101
    a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:...

SNOM-style "optional crypto" looks like this:

    m=audio 61438 RTP/AVP 8 0 9 99 3 18 4 101
    a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:...

A crypto line is supplied, but the m-line does not have SAVP.

When res_srtp.so is *not* loaded, then chan_sip.so treats the optional
crypto as regular RTP, but when res_srtp.so *is* loaded, it refuses the
incoming call with the following message:

    WARNING: process_sdp: Failed to receive SDP offer/answer with
    required SRTP crypto attributes for audio

For platforms that want to start providing SRTP this presents a
compatibility problem.

This changeset lets chan_sip handle the SDP as if no crypto-line was
supplied: i.e. accept the call as regular RTP, just like it did before
res_srtp was loaded.

Now you'll get this informative warning instead:

    WARNING: Ignoring crypto attribute in SDP because RTP transport is
    insecure

ASTERISK-23989 #close
Reported by: Olle Johansson

Change-Id: I91a15ae05a0296e398d6b65f53bb11afde1d80e2