Just FYI, I published the whole patch here: https://issues.asterisk.org/jira/browse/ASTERISK-22961?focusedCommentId=212829&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-212829
As explained there, I didn't test it but it should work fine. Lorenzo 2013/12/4 nitesh bansal <[email protected]> > Thanks Lorenzo for your patch, i will try to sort out my Asterisk 11.4 now. > Have a good day. > > Regards, > Nitesh > > > > On Wed, Dec 4, 2013 at 11:19 AM, Lorenzo Miniero <[email protected]>wrote: > >> PS: I'm not sure attachments are allowed on the mailing list. If not, >> feel free to contact me privately for the patch and more info. >> >> Lorenzo >> >> >> 2013/12/4 Lorenzo Miniero <[email protected]> >> >>> Hi Nitesh, >>> >>> my chan_sip is rather messy right now, as I changed several things due >>> to other experiments as well. I tried to prepare a patch that only >>> allegedly covers the DTLS experiments: just beware that it is for >>> asterisk-11.1.2 and so you may need to tweak it a bit for your case. >>> Anyway, what I did with respect to DTLS in chan_sip as you can see wasn't >>> much (as I explained in that report, most of the SDP manipulation I did in >>> my webapp), so just to summarize: >>> >>> 1. I moved the DTLS initialization after the RTCP stuff, for the >>> reasons explained in the report; >>> 2. I made sure that sha-256 fingerprints (sent by Chrome and >>> Firefox) were accepted by the parser, and that sha-256 fingerprints were >>> added in the reply too (this needs a change in the RTP engine, of course, >>> which by default generates sha-1 fingerprints); >>> 3. a couple of fixes to an incorrect SAVPF behaviour (the wrong >>> crypto context was used); >>> 4. an ugly hack to force DTLS if it is disabled in the >>> configuration, but you get a fingerprint in the SDP: I chose to do it >>> this >>> way as enabling it in the configuration forces DTLS for all calls, which >>> I >>> didn't want. >>> >>> Hope that helps, let me know if you need any further help. >>> >>> Lorenzo >>> >>> >>> 2013/12/4 nitesh bansal <[email protected]> >>> >>>> Hi Lorenzo, >>>> >>>> Thanks for your response. Can you share your patch on chan_sip. >>>> >>>> Regards, >>>> Nitesh Bansal >>>> >>>> >>>> On Mon, Dec 2, 2013 at 4:09 PM, Lorenzo Miniero <[email protected]>wrote: >>>> >>>>> 2013/12/2 Mark Michelson <[email protected]> >>>>> >>>>>> On 12/02/2013 05:29 AM, nitesh bansal wrote: >>>>>> >>>>>>> Hello everybody, >>>>>>> >>>>>>> I want to setup a basic Demo of WebRTC using Asterisk as WebServer >>>>>>> and SRTP-DTLS. >>>>>>> I got the demo setup using SRTP-DES with chrome, chrome is >>>>>>> porpoising both DTLS and DES, >>>>>>> Asterisk responds with DES abd call is connected. >>>>>>> But i want asterisk to propose DTLS also in its response, can you >>>>>>> please tell me if asterisk supports DTLS and if yes, is there a wiki >>>>>>> page >>>>>>> with the documentation? >>>>>>> I could not find any relevant wikipage. >>>>>>> >>>>>>> Regards, >>>>>>> Nitesh >>>>>>> >>>>>>> >>>>>> Asterisk supports DTLS. Your best bet for documentation at the moment >>>>>> is to look at configs/sip.conf.sample in Asterisk 11 and grep for >>>>>> "DTLS-SRTP CONFIGURATION". That will direct you to a section that >>>>>> explains >>>>>> the various DTLS-related configuration options for chan_sip. >>>>>> >>>>>> Mark Michelson >>>>>> >>>>>> >>>>> >>>>> Just as an additional cue point, you may also refer to the report I >>>>> wrote a few months ago on making DTLS work in my case. I don't know >>>>> whether >>>>> or not some of those points eventually made it to the documentation, and >>>>> some of them may be obsolete (e.g., you definitely don't need the fake >>>>> crypto anymore), but they may be oh help nonetheless: >>>>> >>>>> http://lists.digium.com/pipermail/asterisk-dev/2013-May/060435.html >>>>> >>>>> Lorenzo >>>>> >>>>> >>>>> >>>>>> -- >>>>>> _____________________________________________________________________ >>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>>>>> >>>>>> asterisk-dev mailing list >>>>>> To UNSUBSCRIBE or update options visit: >>>>>> http://lists.digium.com/mailman/listinfo/asterisk-dev >>>>>> >>>>> >>>>> >>>>> -- >>>>> _____________________________________________________________________ >>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>>>> >>>>> asterisk-dev mailing list >>>>> To UNSUBSCRIBE or update options visit: >>>>> http://lists.digium.com/mailman/listinfo/asterisk-dev >>>>> >>>> >>>> >>>> -- >>>> _____________________________________________________________________ >>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>>> >>>> asterisk-dev mailing list >>>> To UNSUBSCRIBE or update options visit: >>>> http://lists.digium.com/mailman/listinfo/asterisk-dev >>>> >>> >>> >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> >> asterisk-dev mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-dev >> > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-dev mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-dev >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
