Changeset 5823

Timestamp:

Jul 16, 2018 7:35:52 AM (6 years ago)

Author:

nanang

Message:

Re #2096:

• For better interoperability, check remote support for DTLS-SRTP by inspecting SDP a=fingerprint availability instead of UDP/TLS/SRTP/SAVP.
• Bailout DTLS-SRTP when SDP a=fingerprint is not available.

Location:

pjproject/trunk/pjmedia

Files:

• include/pjmedia/errno.h (modified) (1 diff)
• src/pjmedia/errno.c (modified) (1 diff)
• src/pjmedia/transport_srtp_dtls.c (modified) (2 diffs)

pjproject/trunk/pjmedia/include/pjmedia/errno.h

@@ -646 +646 @@
 #define PJMEDIA_SRTP_DTLS_EFPNOTMATCH (PJMEDIA_ERRNO_START+242)  /* 220242 */
 
+/**
+ * @hideinitializer
+ * Fingerprint not found.
+ */
+#define PJMEDIA_SRTP_DTLS_ENOFPRINT (PJMEDIA_ERRNO_START+243)   /* 220243 */
+
 #endif /* PJMEDIA_HAS_SRTP */
 

pjproject/trunk/pjmedia/src/pjmedia/errno.c

@@ -170 +170 @@
     PJ_BUILD_ERR( PJMEDIA_SRTP_DTLS_EPEERNOCERT,"No certificate supplied by peer in DTLS nego" ),
     PJ_BUILD_ERR( PJMEDIA_SRTP_DTLS_EFPNOTMATCH,"Fingerprint from signalling not match to actual fingerprint" )
+    PJ_BUILD_ERR( PJMEDIA_SRTP_DTLS_ENOFPRINT,  "Fingerprint not found" )
 #endif
 

pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_dtls.c

@@ -815 +815 @@
                                   NULL);
     if (!a) {
-        /* Let's just print warning for now, instead of returning error */
-        PJ_LOG(4,(ds->base.name, "Warning: no fingerprint attribute in "
-                                 "remote SDP, DTLS verification cannot "
-                                 "be done!"));
+        /* No fingerprint attribute in remote SDP */
+        return PJMEDIA_SRTP_DTLS_ENOFPRINT;
     } else {
         pj_str_t rem_fp = a->value;
@@ -1043 +1041 @@
          *    Check for DTLS-SRTP support in remote SDP. Detect remote
          *    support of DTLS-SRTP by inspecting remote SDP offer for
-         *    UDP/TLS/RTP/SAVP as media transport, this may be presented
-         *    in m= line.
+         *    SDP a=fingerprint attribute. And currently we only support
+         *    RTP/AVP transports.
          */
         pjmedia_sdp_media *m_rem = sdp_remote->media[media_index];
-        pjmedia_sdp_attr *attr_setup;
+        pjmedia_sdp_attr *attr_setup, *attr_fp;
         pj_uint32_t rem_proto = 0;
 
+        /* Find SDP a=fingerprint line. */
+        attr_fp = pjmedia_sdp_media_find_attr(m_rem, &ID_FINGERPRINT, NULL);
+        if (!attr_fp)
+            attr_fp = pjmedia_sdp_attr_find(sdp_remote->attr_count,
+                                            sdp_remote->attr, &ID_FINGERPRINT,
+                                            NULL);
+
+        /* Get media transport proto */
         rem_proto = pjmedia_sdp_transport_get_proto(&m_rem->desc.transport);
-        if (!PJMEDIA_TP_PROTO_HAS_FLAG(rem_proto, PJMEDIA_TP_PROTO_DTLS_SRTP))
+        if (!PJMEDIA_TP_PROTO_HAS_FLAG(rem_proto, PJMEDIA_TP_PROTO_RTP_AVP) ||
+            !attr_fp)
         {
             /* Remote doesn't signal DTLS-SRTP */