Author: file Date: Wed Oct 1 11:37:46 2014 New Revision: 424291 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=424291 Log: res_pjsip: Add 'dtls_fingerprint' option to configure DTLS fingerprint hash.
During the latest update to DTLS-SRTP support the ability to configure the hash used for fingerprints was added. This gave us two supported ones: SHA-1 and SHA-256. The default was accordingly updated to SHA-256. Unfortunately this configuration ability was not exposed within res_pjsip. This change adds a dtls_fingerprint option that controls it. #SIPit31 ........ Merged revisions 424290 from http://svn.asterisk.org/svn/asterisk/branches/12 Modified: branches/13/ (props changed) branches/13/configs/samples/pjsip.conf.sample branches/13/res/res_pjsip.c branches/13/res/res_pjsip/pjsip_configuration.c Propchange: branches/13/ ------------------------------------------------------------------------------ Binary property 'branch-12-merged' - no diff available. Modified: branches/13/configs/samples/pjsip.conf.sample URL: http://svnview.digium.com/svn/asterisk/branches/13/configs/samples/pjsip.conf.sample?view=diff&rev=424291&r1=424290&r2=424291 ============================================================================== --- branches/13/configs/samples/pjsip.conf.sample (original) +++ branches/13/configs/samples/pjsip.conf.sample Wed Oct 1 11:37:46 2014 @@ -610,6 +610,8 @@ ; certificates (default: "") ;dtls_setup= ; Whether we are willing to accept connections connect to the ; other party or both (default: "") +;dtls_fingerprint= ; Hash to use for the fingerprint placed into SDP + ; (default: "SHA-256") ;srtp_tag_32=no ; Determines whether 32 byte tags should be used instead of 80 ; byte tags (default: "no") ;set_var= ; Variable set on a channel involving the endpoint. For multiple Modified: branches/13/res/res_pjsip.c URL: http://svnview.digium.com/svn/asterisk/branches/13/res/res_pjsip.c?view=diff&rev=424291&r1=424290&r2=424291 ============================================================================== --- branches/13/res/res_pjsip.c (original) +++ branches/13/res/res_pjsip.c Wed Oct 1 11:37:46 2014 @@ -689,6 +689,19 @@ <enum name="actpass"><para> res_pjsip will offer and accept connections from the peer. </para></enum> + </enumlist> + </description> + </configOption> + <configOption name="dtls_fingerprint"> + <synopsis>Type of hash to use for the DTLS fingerprint in the SDP.</synopsis> + <description> + <para> + This option only applies if <replaceable>media_encryption</replaceable> is + set to <literal>dtls</literal>. + </para> + <enumlist> + <enum name="SHA-256"></enum> + <enum name="SHA-1"></enum> </enumlist> </description> </configOption> Modified: branches/13/res/res_pjsip/pjsip_configuration.c URL: http://svnview.digium.com/svn/asterisk/branches/13/res/res_pjsip/pjsip_configuration.c?view=diff&rev=424291&r1=424290&r2=424291 ============================================================================== --- branches/13/res/res_pjsip/pjsip_configuration.c (original) +++ branches/13/res/res_pjsip/pjsip_configuration.c Wed Oct 1 11:37:46 2014 @@ -722,6 +722,20 @@ const struct ast_sip_endpoint *endpoint = obj; if (ARRAY_IN_BOUNDS(endpoint->media.rtp.dtls_cfg.default_setup, ast_rtp_dtls_setup_map)) { *buf = ast_strdup(ast_rtp_dtls_setup_map[endpoint->media.rtp.dtls_cfg.default_setup]); + } + return 0; +} + +static const char *ast_rtp_dtls_fingerprint_map[] = { + [AST_RTP_DTLS_HASH_SHA256] = "SHA-256", + [AST_RTP_DTLS_HASH_SHA1] = "SHA-1", +}; + +static int dtlsfingerprint_to_str(const void *obj, const intptr_t *args, char **buf) +{ + const struct ast_sip_endpoint *endpoint = obj; + if (ARRAY_IN_BOUNDS(endpoint->media.rtp.dtls_cfg.hash, ast_rtp_dtls_fingerprint_map)) { + *buf = ast_strdup(ast_rtp_dtls_fingerprint_map[endpoint->media.rtp.dtls_cfg.hash]); } return 0; } @@ -1738,6 +1752,7 @@ ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_file", "", dtls_handler, dtlscafile_to_str, NULL, 0, 0); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_ca_path", "", dtls_handler, dtlscapath_to_str, NULL, 0, 0); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_setup", "", dtls_handler, dtlssetup_to_str, NULL, 0, 0); + ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "dtls_fingerprint", "", dtls_handler, dtlsfingerprint_to_str, NULL, 0, 0); ast_sorcery_object_field_register(sip_sorcery, "endpoint", "srtp_tag_32", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.rtp.srtp_tag_32)); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "redirect_method", "user", redirect_handler, NULL, NULL, 0, 0); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "set_var", "", set_var_handler, set_var_to_str, set_var_to_vl, 0, 0); -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
