tweak to srtp to support polycoms
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7254 d0543943-73ff-0310-b7d9-9358b9ac24b2
parent
ab1b61cb5d
commit
28d2dfdf3a
|
@ -52,7 +52,7 @@
|
||||||
<condition field="${call_debug}" expression="^true$" break="never">
|
<condition field="${call_debug}" expression="^true$" break="never">
|
||||||
<action application="info"/>
|
<action application="info"/>
|
||||||
</condition>
|
</condition>
|
||||||
<condition field="${sip_has_crypto}" expression="^AES_CM_128_HMAC_SHA1_32$" break="never">
|
<condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
|
||||||
<action application="set" data="sip_secure_media=true"/>
|
<action application="set" data="sip_secure_media=true"/>
|
||||||
</condition>
|
</condition>
|
||||||
<condition>
|
<condition>
|
||||||
|
@ -236,6 +236,13 @@
|
||||||
</condition>
|
</condition>
|
||||||
</extension>
|
</extension>
|
||||||
|
|
||||||
|
<extension name="echo">
|
||||||
|
<condition field="destination_number" expression="^9996$">
|
||||||
|
<action application="answer"/>
|
||||||
|
<action application="echo"/>
|
||||||
|
</condition>
|
||||||
|
</extension>
|
||||||
|
|
||||||
<extension name="milliwatt">
|
<extension name="milliwatt">
|
||||||
<condition field="destination_number" expression="^9997$">
|
<condition field="destination_number" expression="^9997$">
|
||||||
<action application="answer"/>
|
<action application="answer"/>
|
||||||
|
@ -251,7 +258,7 @@
|
||||||
</extension>
|
</extension>
|
||||||
|
|
||||||
<extension name="hold_music">
|
<extension name="hold_music">
|
||||||
<condition field="${sip_has_crypto}" expression="^AES_CM_128_HMAC_SHA1_32$" break="never">
|
<condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
|
||||||
<action application="answer"/>
|
<action application="answer"/>
|
||||||
<action application="execute_extension" data="is_secure XML default"/>
|
<action application="execute_extension" data="is_secure XML default"/>
|
||||||
</condition>
|
</condition>
|
||||||
|
|
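Review bot: The list of accepted SRTP suites is now written out twice, once in the `sip_has_crypto` condition of the first hunk and once in the `hold_music` extension, so the two regexes can drift apart when another suite is added. Both conditions use `break="never"`, so a suite missing from the first one is not rejected; the call simply proceeds without `sip_secure_media=true`, which presumably means unencrypted media with no visible error. A comment above each condition pointing at the other, for example `<!-- keep this suite list in sync with the sip_has_crypto check in hold_music -->`, would make that dependency explicit. The new `echo` extension on 9996 is unrelated to the SRTP change described in the commit message and would be easier to review as its own commit.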
|
@ -46,7 +46,7 @@
|
||||||
<!--<param name="bind-params" value="transport=udp"/>-->
|
<!--<param name="bind-params" value="transport=udp"/>-->
|
||||||
|
|
||||||
<!-- TLS: disabled by default, set to "true" to enable -->
|
<!-- TLS: disabled by default, set to "true" to enable -->
|
||||||
<param name="tls" value="false"/>
|
<param name="tls" value="true"/>
|
||||||
<!-- additional bind parameters for TLS -->
|
<!-- additional bind parameters for TLS -->
|
||||||
<param name="tls-bind-params" value="transport=tls"/>
|
<param name="tls-bind-params" value="transport=tls"/>
|
||||||
<!-- Port to listen on for TLS requests. (5061 will be used if unspecified) -->
|
<!-- Port to listen on for TLS requests. (5061 will be used if unspecified) -->
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
|
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
|
||||||
<param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
|
<param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
|
||||||
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
|
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
|
||||||
<param name="tls-version" value="sslv23"/>
|
<param name="tls-version" value="tlsv1"/>
|
||||||
|
|
||||||
<!--If you don't want to pass through timestampes from 1 RTP call to another (on a per call basis with rtp_rewrite_timestamps chanvar)-->
|
<!--If you don't want to pass through timestampes from 1 RTP call to another (on a per call basis with rtp_rewrite_timestamps chanvar)-->
|
||||||
<!--<param name="rtp-rewrite-timestamps" value="true"/>-->
|
<!--<param name="rtp-rewrite-timestamps" value="true"/>-->
|
||||||
|
|
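Review bot: The default profile now has `tls` set to `true` and `tls-version` set to `tlsv1`, but the comments directly above those params still say "TLS: disabled by default" and "Phones may not work with TLSv1", and the commit message only mentions SRTP. If the change is intended, the comments should be updated to match, for example `<!-- TLS: enabled by default, set to "false" to disable -->`. The commit message should also state it, because per the `tls-cert-dir` comment a TLS server needs agent.pem and cafile.pem to be present. If these are local test settings, they should be dropped from this commit so that the shipped default and its documentation stay in agreement.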
|
@ -345,6 +345,7 @@ struct private_object {
|
||||||
char *gateway_name;
|
char *gateway_name;
|
||||||
char *local_crypto_key;
|
char *local_crypto_key;
|
||||||
char *remote_crypto_key;
|
char *remote_crypto_key;
|
||||||
|
int crypto_tag;
|
||||||
unsigned char local_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN];
|
unsigned char local_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN];
|
||||||
unsigned char remote_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN];
|
unsigned char remote_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN];
|
||||||
switch_rtp_crypto_key_type_t crypto_send_type;
|
switch_rtp_crypto_key_type_t crypto_send_type;
|
||||||
|
|
|
@ -1352,7 +1352,8 @@ switch_status_t sofia_glue_activate_rtp(private_object_t *tech_pvt, switch_rtp_f
|
||||||
if (tech_pvt->remote_crypto_key && switch_test_flag(tech_pvt, TFLAG_SECURE)) {
|
if (tech_pvt->remote_crypto_key && switch_test_flag(tech_pvt, TFLAG_SECURE)) {
|
||||||
sofia_glue_add_crypto(tech_pvt, tech_pvt->remote_crypto_key, SWITCH_RTP_CRYPTO_RECV);
|
sofia_glue_add_crypto(tech_pvt, tech_pvt->remote_crypto_key, SWITCH_RTP_CRYPTO_RECV);
|
||||||
switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_SEND, 1, tech_pvt->crypto_type, tech_pvt->local_raw_key, SWITCH_RTP_KEY_LEN);
|
switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_SEND, 1, tech_pvt->crypto_type, tech_pvt->local_raw_key, SWITCH_RTP_KEY_LEN);
|
||||||
switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_RECV, 1, tech_pvt->crypto_type, tech_pvt->remote_raw_key, SWITCH_RTP_KEY_LEN);
|
switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_RECV, tech_pvt->crypto_tag,
|
||||||
|
tech_pvt->crypto_type, tech_pvt->remote_raw_key, SWITCH_RTP_KEY_LEN);
|
||||||
switch_channel_set_variable(tech_pvt->channel, SOFIA_SECURE_MEDIA_CONFIRMED_VARIABLE, "true");
|
switch_channel_set_variable(tech_pvt->channel, SOFIA_SECURE_MEDIA_CONFIRMED_VARIABLE, "true");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1547,11 +1548,23 @@ uint8_t sofia_glue_negotiate_sdp(switch_core_session_t *session, sdp_session_t *
|
||||||
ptime = atoi(a->a_value);
|
ptime = atoi(a->a_value);
|
||||||
} else if (!strcasecmp(a->a_name, "crypto") && a->a_value) {
|
} else if (!strcasecmp(a->a_name, "crypto") && a->a_value) {
|
||||||
crypto = a->a_value;
|
crypto = a->a_value;
|
||||||
|
int crypto_tag = atoi(crypto);
|
||||||
|
|
||||||
if (tech_pvt->remote_crypto_key) {
|
if (tech_pvt->remote_crypto_key) {
|
||||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Already have a key\n");
|
if (crypto_tag && crypto_tag == tech_pvt->crypto_tag) {
|
||||||
|
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Existing key is still valid.\n");
|
||||||
|
} else {
|
||||||
|
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Change Remote key to [%s]\n", crypto);
|
||||||
|
tech_pvt->remote_crypto_key = switch_core_session_strdup(tech_pvt->session, crypto);
|
||||||
|
tech_pvt->crypto_tag = crypto_tag;
|
||||||
|
sofia_glue_add_crypto(tech_pvt, tech_pvt->remote_crypto_key, SWITCH_RTP_CRYPTO_RECV);
|
||||||
|
switch_rtp_add_crypto_key(tech_pvt->rtp_session, SWITCH_RTP_CRYPTO_RECV, tech_pvt->crypto_tag,
|
||||||
|
tech_pvt->crypto_type, tech_pvt->remote_raw_key, SWITCH_RTP_KEY_LEN);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
tech_pvt->remote_crypto_key = switch_core_session_strdup(tech_pvt->session, crypto);
|
tech_pvt->remote_crypto_key = switch_core_session_strdup(tech_pvt->session, crypto);
|
||||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Set Remote Key [%s]\n", tech_pvt->remote_crypto_key);
|
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Set Remote Key [%s]\n", tech_pvt->remote_crypto_key);
|
||||||
|
tech_pvt->crypto_tag = crypto_tag;
|
||||||
|
|
||||||
if (switch_strlen_zero(tech_pvt->local_crypto_key)) {
|
if (switch_strlen_zero(tech_pvt->local_crypto_key)) {
|
||||||
if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_32, crypto)) {
|
if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_32, crypto)) {
|
||||||
|
|
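Review bot: In the `sofia_glue_negotiate_sdp` hunk the choice between keeping and replacing the receive key depends only on `atoi(crypto)`, a value taken from the peer's SDP with no validation. A re-offer that reuses the tag with different key material keeps the old key, while a tag that does not parse yields 0 and always takes the replace branch. Comparing the attribute as well would close the first case, e.g. `if (crypto_tag && crypto_tag == tech_pvt->crypto_tag && !strcmp(crypto, tech_pvt->remote_crypto_key))`. The replace branch then calls `switch_rtp_add_crypto_key` on `tech_pvt->rtp_session` without checking that the session exists, and ignores the results of both it and `sofia_glue_add_crypto`. The function body continues outside the hunk, so an earlier guard may exist; if not, the branch should be guarded with `switch_rtp_ready(tech_pvt->rtp_session)` and the key installed only when parsing succeeded. The new debug line `"Change Remote key to [%s]\n"` also writes the whole crypto attribute to the log, which in SDES includes the inline master key and salt; logging only the tag avoids that, e.g. `"Change Remote key, tag [%d]\n", crypto_tag`.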