
TT#14008 fix erroneous crypto reset after rejecting DTLS

If DTLS is rejected in an answer via `DTLS=off` we must forget that DTLS
was previously offered, as otherwise a re-invite would detect the
fingerprint as changed if the re-invite doesn't offer DTLS again. We
also make sure DTLS is shut down if during stream init DTLS is not
given, when it was present before.

Change-Id: I48ee6f0ec5ec02f558a6799951552ea2272d0e96
pull/1440/head
Richard Fuchs 4 years ago
parent
commit
4a173c2ebc
2 changed files with 12 additions and 2 deletions
  1. +7
    -1
      daemon/call.c
  2. +5
    -1
      daemon/dtls.c

+ 7
- 1
daemon/call.c View File

@ -1142,6 +1142,8 @@ static void __fill_stream(struct packet_stream *ps, const struct endpoint *epp,
}
void call_stream_crypto_reset(struct packet_stream *ps) {
ilog(LOG_DEBUG, "Resetting crypto context");
crypto_reset(&ps->crypto);
mutex_lock(&ps->in_lock);
@ -1226,6 +1228,8 @@ int __init_stream(struct packet_stream *ps) {
if (dtls_conn)
dtls_active = dtls_is_active(dtls_conn);
}
else
dtls_shutdown(ps);
if (MEDIA_ISSET(media, SDES) && dtls_active == -1) {
for (GList *l = ps->sfds.head; l; l = l->next) {
@ -1646,8 +1650,10 @@ static void __generate_crypto(const struct sdp_ng_flags *flags, struct call_medi
else {
/* if both SDES and DTLS are supported, we may use the flags to select one
* over the other */
if (MEDIA_ARESET2(this, DTLS, SDES) && flags->dtls_off)
if (MEDIA_ARESET2(this, DTLS, SDES) && flags->dtls_off) {
MEDIA_CLEAR(this, DTLS);
this->fingerprint.hash_func = NULL;
}
/* flags->sdes_off is ignored as we prefer DTLS by default */
/* if we're talking to someone understanding DTLS, then skip the SDES stuff */
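Review bot: Clearing only `hash_func` in the new block of __generate_crypto leaves every other field of `this->fingerprint` untouched, so if the struct also carries the digest bytes next to the hash function (I can't see its definition from the hunk), a later comparison that looks at more than `hash_func` could still match the old offered fingerprint; in that case a full `memset(&this->fingerprint, 0, sizeof(this->fingerprint));` would be the safer reset. The reason for the reset lives only in the commit message; a comment such as `/* DTLS was rejected: forget the offered fingerprint so a re-invite that doesn't offer DTLS isn't flagged as a fingerprint change */` would keep it with the code. The added `else` in __init_stream (second hunk) is an unbraced single statement; bracing `else { dtls_shutdown(ps); }` keeps the shutdown call from being silently separated from its condition by a later edit. Both __init_stream and __generate_crypto start before their hunks.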


+ 5
- 1
daemon/dtls.c View File

@ -791,9 +791,11 @@ void dtls_shutdown(struct packet_stream *ps) {
__DBG("dtls_shutdown");
bool had_dtls = false;
if (ps->ice_dtls.init) {
if (ps->ice_dtls.connected && ps->ice_dtls.ssl) {
had_dtls = true;
SSL_shutdown(ps->ice_dtls.ssl);
}
dtls_connection_cleanup(&ps->ice_dtls);
@ -806,6 +808,7 @@ void dtls_shutdown(struct packet_stream *ps) {
continue;
if (d->connected && d->ssl) {
had_dtls = true;
SSL_shutdown(d->ssl);
dtls(sfd, NULL, &ps->endpoint);
}
@ -821,7 +824,8 @@ void dtls_shutdown(struct packet_stream *ps) {
ps->dtls_cert = NULL;
}
call_stream_crypto_reset(ps);
if (had_dtls)
call_stream_crypto_reset(ps);
}
void dtls_connection_cleanup(struct dtls_connection *c) {
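Review bot: The crypto reset at the end of dtls_shutdown is now skipped unless a connection was both `connected` and had an `ssl` object, so a DTLS context that was `init` but never finished its handshake is torn down without touching `ps->crypto`; that is presumably correct if SRTP keys are only installed once the handshake completes, but nothing in the hunk states it. Since the purpose of the guard (per the commit message) is to stop wiping crypto parameters that did not come from DTLS, I'd say so at the guard: `/* only a completed DTLS handshake installs keys into ps->crypto; resetting otherwise would wipe SDES parameters unrelated to DTLS */`. `had_dtls` is set on both the ICE connection path and inside the per-sfd loop, and both sites are visible here, so the flag does cover every SSL_shutdown path in the function. dtls_shutdown's body extends beyond the three hunks shown.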

