Hi Joshua, I did have this set
dtlsenable=yes dtlsverify=no dtlsrekey=60 dtlscertfile=/etc/asterisk/certs/asterisk.pem dtlsprivatekey=/etc/asterisk/certs/asterisk.key dtlscafile=/etc/asterisk/certs/asterisk.pem dtlscipher=ALL dtlssetup=actpass Do you think the the SHA-256 issue was the cause of my error? Thanks for pointing out the patch which I will test 28.03.2014, 16:29, "Joshua Colp" <[email protected]>: > jaflong jaflong wrote: > >> Hi >> >> I am having problems using DTLS-SRTP and trying to debug why I am getting >> this error >> [Mar 26 14:48:23] WARNING[31977][C-00000009]: chan_sip.c:10657 process_sdp: >> Can't provide secure audio requested in SDP offer >> >> In chan_sip.c >> >> Tracing through the code, at this point the value of p->dtls_cfg.enabled is >> FALSE when run. >> Any tip on how to get p->dtls_cfg.enabled set to TRUE. It seems DTLS config >> is not getting initiated > > Have you enabled it in the configuration? It's controlled using dtlsenable. > >> static int process_sdp_a_dtls(const char *a, struct sip_pvt *p, struct >> ast_rtp_instance *instance) >> { >> struct ast_rtp_engine_dtls *dtls; >> int found = FALSE; >> char value[256], hash[6]; >> >> if (!instance || !p->dtls_cfg.enabled || !(dtls = >> ast_rtp_instance_get_dtls(instance))) { >> return found; >> } >> >> By the way what is the minimum version required of openssl to use DTLS-SRTP. >> At present I have 1.01e-fips (cento 6.5) > > DTLS-SRTP suppor was added to OpenSSL in version 1.0.1, so it should be > fine. > > Asterisk also does not support SHA-256 currently without using the patch > available at https://issues.asterisk.org/jira/browse/ASTERISK-22961 > > -- > Joshua Colp > Digium, Inc. | Senior Software Developer > 445 Jan Davis Drive NW - Huntsville, AL 35806 - US > Check us out at: www.digium.com & www.asterisk.org > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-dev mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-dev -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
