Originally we did the same thing with SRTP that we do without SRTP,
which is to simply not send packets when e.g. sleep is called.

At commits d63323977f and
5259814aee we enabled sending silence
packets with comfort noise when SRTP is active. We appear to have
done this for interop purposes; many devices can't handle gaps in the
stream of SRTP packets.

But our current comfort noise implementation doesn't take the codec
rate into account (FS-6291), so on 16kHz codecs the constant we chose
created an annoying level of static between sound file playback.

With this commit we preserve the sending of SRTP packets during idle
periods, but make those packets completely silent.

Thanks-to: Anthony Minessale <anthm@freeswitch.org>

FS-5053 --resolve

This shows the cipher name, TLS version, the number of cipher bits and
algorithm bits, and a description of the cipher in Sofia's debug
logging output on level 9.

sha1_init, sha1_update, and sha1_final were ending up as undefined
symbols in libfreeswitch.so because of the inline declaration, which
caused us to blow up while linking the freeswitch executable. Declare
these as static inline instead.

Unlike fread(3), read(3) will return -1 on error. We were assigning
the result of read to a potentially unsigned variable, and passing the
result down to switch_xml_parse_str() where it would end up
determining how many bytes to malloc(3).
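
The failure mode described in the commit message above, as an added C example that is not FreeSWITCH code: the first function shows what read()'s -1 becomes once it lands in an unsigned length, and the second is a checked read that never lets an error value reach an allocation size. The function names and the max cap are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not FreeSWITCH code; all names are hypothetical.
 * Failure mode: read() returns -1 on error; converted to an unsigned length
 * it becomes SIZE_MAX, so any allocation size derived from it is wrong. */
size_t unsigned_len_after_failed_read(void)
{
    char b[1];
    return (size_t)read(-1, b, sizeof b); /* invalid fd: read() returns -1 */
}

/* Checked form: keep the result in ssize_t, test it before using it as a
 * size, retry on EINTR, and cap the total at max (an assumed caller limit).
 * Returns 0 with a NUL-terminated heap buffer in *out, or -1 on error. */
int read_checked(int fd, size_t max, char **out, size_t *out_len)
{
    size_t used = 0;
    char *buf;

    *out = NULL;
    *out_len = 0;
    if (max == 0 || max == SIZE_MAX) return -1; /* max + 1 must not wrap */
    if (!(buf = malloc(max + 1))) return -1;
    while (used < max) {
        ssize_t n = read(fd, buf + used, max - used);
        if (n < 0) {
            if (errno == EINTR) continue;
            free(buf);
            return -1;
        }
        if (n == 0) break; /* end of file */
        used += (size_t)n;
    }
    buf[used] = '\0';
    *out = buf;
    *out_len = used;
    return 0;
}

int main(void)
{
    char *s; size_t n;
    printf("%zu\n", unsigned_len_after_failed_read());
    return read_checked(-1, 64, &s, &n) == -1 ? 0 : 1;
}
```
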

Our sqlite fork was reading past the end of the zP3 KeyInfo structure
here. This was causing gcc and clang's address sanitization to alert.

FS-6279 --resolve

Thanks-to: Christopher Rienzo <chris@rienzo.net>

rtp_secure_media=true
--inbound: Accept the strongest supported offered crypto suite, MUST result in a negotiated crypto or aborts.
--outbound: offer all supported crypto suites, MUST result in a negotiated crypto or aborts.
rtp_secure_media=optional
--inbound: Accept the strongest supported offered crypto suite, fall back to no crypto if no valid ones accepted.
--outbound: offer all supported crypto suites, OPTIONAL result in a negotiated crypto falls back to no crypto.
rtp_secure_media=<suite1>,<suiteN>
--inbound: same behaviour as rtp_secure_media=true with smaller set of acceptable suites.
--outbound: offer supplied crypto suites, same behaviour as rtp_secure_media=true with smaller set of suites.