- Timestamp:
- Jul 5, 2017 5:37:24 AM (7 years ago)
- File:
-
- 1 edited
pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_dtls.c
r5614 r5621 188 188 189 189 *p_keying = &ds->base; 190 PJ_LOG(5,( THIS_FILE, "SRTP keying DTLS-SRTP created"));190 PJ_LOG(5,(srtp->pool->obj_name, "SRTP keying DTLS-SRTP created")); 191 191 return PJ_SUCCESS; 192 192 } … … 549 549 is_sha256 = PJ_FALSE; 550 550 else { 551 PJ_LOG(4,(ds->base.name, " Remote hash algo inSDP for "552 " DTLS-SRTPis not supported"));551 PJ_LOG(4,(ds->base.name, "Hash algo specified in remote SDP for " 552 "its DTLS certificate fingerprint is not supported")); 553 553 return PJ_ENOTSUP; 554 554 } … … 641 641 ds->srtp->keying_pending_cnt--; 642 642 643 /* Copy negotiated policy to SRTP */ 643 644 ds->srtp->tx_policy_neg = ds->tx_crypto; 644 645 ds->srtp->rx_policy_neg = ds->rx_crypto; 646 645 647 status = start_srtp(ds->srtp); 646 648 if (status != PJ_SUCCESS) … … 716 718 /* Finally, DTLS nego started! */ 717 719 ds->nego_started = PJ_TRUE; 718 PJ_LOG( 2,(ds->base.name, "DTLS-SRTP negotiation initiated as %s",720 PJ_LOG(4,(ds->base.name, "DTLS-SRTP negotiation initiated as %s", 719 721 (ds->setup==DTLS_SETUP_ACTIVE? 
"client":"server"))); 720 722 … … 1248 1250 ds->srtp->rx_policy_neg = ds->rx_crypto; 1249 1251 1250 /* Verify remote fingerprint if not yet*/1252 /* Verify remote fingerprint (if available) */ 1251 1253 if (ds->rem_fingerprint.slen && ds->rem_fprint_status == PJ_EPENDING) 1254 { 1252 1255 ds->rem_fprint_status = ssl_match_fingerprint(ds); 1253 if (ds->rem_fprint_status != PJ_SUCCESS) { 1254 pj_perror(4, ds->base.name, ds->rem_fprint_status, 1255 "Fingerprint specified in remote SDP doesn't match " 1256 "to actual remote certificate fingerprint!"); 1257 return ds->rem_fprint_status; 1256 if (ds->rem_fprint_status != PJ_SUCCESS) { 1257 pj_perror(4, ds->base.name, ds->rem_fprint_status, 1258 "Fingerprint specified in remote SDP doesn't match " 1259 "to actual remote certificate fingerprint!"); 1260 return ds->rem_fprint_status; 1261 } 1258 1262 } 1259 1263 … … 1345 1349 return PJ_SUCCESS; 1346 1350 } 1351 1352 1353 /* Get fingerprint of local DTLS-SRTP certificate. */ 1354 PJ_DEF(pj_status_t) pjmedia_transport_srtp_dtls_get_fingerprint( 1355 pjmedia_transport *tp, 1356 const char *hash, 1357 char *buf, pj_size_t *len) 1358 { 1359 PJ_ASSERT_RETURN(dtls_cert, PJ_EINVALIDOP); 1360 PJ_ASSERT_RETURN(tp && hash && buf && len, PJ_EINVAL); 1361 PJ_ASSERT_RETURN(pj_ansi_strcmp(hash, "SHA-256")==0 || 1362 pj_ansi_strcmp(hash, "SHA-1")==0, PJ_EINVAL); 1363 PJ_UNUSED_ARG(tp); 1364 1365 return ssl_get_fingerprint(dtls_cert, 1366 pj_ansi_strcmp(hash, "SHA-256")==0, 1367 buf, len); 1368 } 1369 1370 1371 /* Manually start DTLS-SRTP negotiation (without SDP offer/answer) */ 1372 PJ_DEF(pj_status_t) pjmedia_transport_srtp_dtls_start_nego( 1373 pjmedia_transport *tp, 1374 const pjmedia_srtp_dtls_nego_param *param) 1375 { 1376 transport_srtp *srtp = (transport_srtp*)tp; 1377 dtls_srtp *ds = NULL; 1378 unsigned j; 1379 pjmedia_transport_attach_param ap; 1380 pj_status_t status; 1381 1382 PJ_ASSERT_RETURN(tp && param, PJ_EINVAL); 1383 PJ_ASSERT_RETURN(pj_sockaddr_has_addr(¶m->rem_addr), 
PJ_EINVAL); 1384 1385 /* Find DTLS keying and destroy any other keying. */ 1386 for (j = 0; j < srtp->keying_cnt; ++j) { 1387 if (srtp->keying[j]->op == &dtls_op) 1388 ds = (dtls_srtp*)srtp->keying[j]; 1389 else 1390 pjmedia_transport_close(srtp->keying[j]); 1391 } 1392 1393 /* DTLS-SRTP is not enabled */ 1394 if (!ds) 1395 return PJ_ENOTSUP; 1396 1397 /* Set SRTP keying to DTLS-SRTP only */ 1398 srtp->keying_cnt = 1; 1399 srtp->keying[0] = &ds->base; 1400 srtp->keying_pending_cnt = 1; 1401 1402 /* Apply param to DTLS-SRTP internal states */ 1403 pj_strdup(ds->pool, &ds->rem_fingerprint, ¶m->rem_fingerprint); 1404 ds->rem_fprint_status = PJ_EPENDING; 1405 ds->rem_addr = param->rem_addr; 1406 ds->rem_rtcp = param->rem_rtcp; 1407 ds->setup = param->is_role_active? DTLS_SETUP_ACTIVE:DTLS_SETUP_PASSIVE; 1408 1409 /* Pending start SRTP */ 1410 ds->pending_start = PJ_TRUE; 1411 srtp->keying_pending_cnt++; 1412 1413 /* Create SSL */ 1414 status = ssl_create(ds); 1415 if (status != PJ_SUCCESS) 1416 goto on_return; 1417 1418 /* Attach member transport, so we can send/receive DTLS init packets */ 1419 pj_bzero(&ap, sizeof(ap)); 1420 pj_sockaddr_cp(&ap.rem_addr, &ds->rem_addr); 1421 pj_sockaddr_cp(&ap.rem_rtcp, &ds->rem_rtcp); 1422 ap.addr_len = pj_sockaddr_get_len(&ap.rem_addr); 1423 status = pjmedia_transport_attach2(&ds->srtp->base, &ap); 1424 if (status != PJ_SUCCESS) 1425 goto on_return; 1426 1427 /* Start DTLS handshake */ 1428 pj_bzero(&srtp->rx_policy_neg, sizeof(srtp->rx_policy_neg)); 1429 pj_bzero(&srtp->tx_policy_neg, sizeof(srtp->tx_policy_neg)); 1430 status = ssl_handshake(ds); 1431 if (status != PJ_SUCCESS) 1432 goto on_return; 1433 1434 on_return: 1435 if (status != PJ_SUCCESS) { 1436 ssl_destroy(ds); 1437 } 1438 return status; 1439 }
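Review bot: The remote-fingerprint check at new lines 1251-1262 now fails open: with the `rem_fprint_status != PJ_SUCCESS` test moved inside the `if (ds->rem_fingerprint.slen && ...)` block, an empty remote fingerprint lets the handshake result be accepted with the peer certificate unverified, where the old code returned the pending status as an error. The new `pjmedia_transport_srtp_dtls_start_nego()` copies `param->rem_fingerprint` without checking that it is non-empty, so a caller can reach that path simply by omitting it. If running unverified is intended, state it in the API comment and make it visible at runtime, e.g. `if (!ds->rem_fingerprint.slen) PJ_LOG(2,(ds->base.name, "No remote fingerprint set, DTLS peer certificate is NOT verified"));`; otherwise reject it up front with `PJ_ASSERT_RETURN(param->rem_fingerprint.slen, PJ_EINVAL);`. A status that already holds a failure from an earlier check is also no longer returned at this point; whether another path handles that case is not visible here. The function enclosing the 1250 hunk starts and ends outside the lines shown.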