Changeset 5746 for pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_dtls.c

Timestamp:

Feb 26, 2018 7:50:18 AM (6 years ago)

Author:

nanang

Message:

Fixe #2096:

• Fixed re-INVITE scenario: always generate SRTP attr in SDP re-offer/answer as both offerer/answerer (as long as SRTP is not disabled of course), currently it does not generate SRTP attr if active session does not use SRTP.
• Fixed bug in retrieving video stream info from SDP that caused DTLS transport (UDP/TLS/RTP/SAVP) getting rejected.
• Added pjsua app param '--srtp-keying=0/1' to choose SRTP keying to be used in the outgoing offer (0=SDES (default), 1=DTLS-SRTP).
• Few minors, e.g: adding transport_srtp_dtls/sdes.c to pjmedia MSVC2015 project.

File:

• pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_dtls.c (modified) (9 diffs)

pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_dtls.c

@@ -375 +375 @@
     unsigned i;
     int mode, rc;
-        
+
+    /* Check if it is already instantiated */
+    if (ds->ossl_ssl)
+        return PJ_SUCCESS;
+
     /* Create DTLS context */
     ctx = SSL_CTX_new(DTLS_method());
@@ -685 +689 @@
     pj_status_t status;
     int err;
+
+    /* Init DTLS (if not yet) */
+    status = ssl_create(ds);
+    if (status != PJ_SUCCESS)
+        return status;
 
     /* Check if handshake has been initiated or even completed */
@@ -1014 +1023 @@
     }
 
-    /* Init DTLS */
-    if (!ds->ossl_ssl) {
-        status = ssl_create(ds);
-        if (status != PJ_SUCCESS)
-            goto on_return;
-    }
-
     /* Set remote cert fingerprint verification status to PJ_EPENDING */
     ds->rem_fprint_status = PJ_EPENDING;
@@ -1100 +1102 @@
             ds->nego_started = PJ_FALSE;
             ds->got_keys = PJ_FALSE;
-
-            status = ssl_create(ds);
-            if (status != PJ_SUCCESS)
-                goto on_return;
-        }
-    }
-
-    /* Set media transport to UDP/TLS/RTP/SAVP */
-    m_loc->desc.transport = ID_TP_DTLS_SRTP;
+            ds->rem_fprint_status = PJ_EPENDING;
+        }
+    }
+
+    /* Set media transport to UDP/TLS/RTP/SAVP if we are the offerer,
+     * otherwise just match it to the offer (currently we only accept
+     * UDP/TLS/RTP/SAVP in remote offer though).
+     */
+    if (ds->srtp->offerer_side) {
+        m_loc->desc.transport = ID_TP_DTLS_SRTP;
+    } else {
+        m_loc->desc.transport = 
+                            sdp_remote->media[media_index]->desc.transport;
+    }
 
     /* Add a=fingerprint attribute, fingerprint of our TLS certificate */
@@ -1170 +1177 @@
         use_ice = ice_info && ice_info->comp_cnt;
         if (!use_ice) {
+            /* Start SSL nego */
             status = ssl_handshake(ds);
             if (status != PJ_SUCCESS)
@@ -1223 +1231 @@
             ds->nego_started = PJ_FALSE;
             ds->got_keys = PJ_FALSE;
-
-            status = ssl_create(ds);
-            if (status != PJ_SUCCESS)
-                goto on_return;
+            ds->rem_fprint_status = PJ_EPENDING;
         }
     } else {
@@ -1387 +1392 @@
 
     /* Find DTLS keying and destroy any other keying. */
-    for (j = 0; j < srtp->keying_cnt; ++j) {
-        if (srtp->keying[j]->op == &dtls_op)
-            ds = (dtls_srtp*)srtp->keying[j];
+    for (j = 0; j < srtp->all_keying_cnt; ++j) {
+        if (srtp->all_keying[j]->op == &dtls_op)
+            ds = (dtls_srtp*)srtp->all_keying[j];
         else
-            pjmedia_transport_close(srtp->keying[j]);
+            pjmedia_transport_close(srtp->all_keying[j]);
     }
 
@@ -1401 +1406 @@
     srtp->keying_cnt = 1;
     srtp->keying[0] = &ds->base;
-    srtp->keying_pending_cnt = 1;
+    srtp->keying_pending_cnt = 0;
 
     /* Apply param to DTLS-SRTP internal states */
@@ -1413 +1418 @@
     ds->pending_start = PJ_TRUE;
     srtp->keying_pending_cnt++;
-
-    /* Create SSL */
-    status = ssl_create(ds);
-    if (status != PJ_SUCCESS)
-        goto on_return;
 
     /* Attach member transport, so we can send/receive DTLS init packets */