
TT#14008 fix erroneous crypto reset after rejecting DTLS

If DTLS is rejected in an answer via `DTLS=off` we must forget that DTLS
was previously offered, as otherwise a re-invite would detect the
fingerprint as changed if the re-invite doesn't offer DTLS again. We
also make sure DTLS is shut down if it is not given during stream init
but was present before.

Change-Id: I48ee6f0ec5ec02f558a6799951552ea2272d0e96
mr9.5.4
Richard Fuchs 4 years ago
parent
commit
b5f9f229f3
2 changed files with 13 additions and 2 deletions
  1. +7
    -1
      daemon/call.c
  2. +6
    -1
      daemon/dtls.c

+ 7
- 1
daemon/call.c View File

@ -1051,6 +1051,8 @@ static void __fill_stream(struct packet_stream *ps, const struct endpoint *epp,
}
void call_stream_crypto_reset(struct packet_stream *ps) {
ilog(LOG_DEBUG, "Resetting crypto context");
crypto_reset(&ps->crypto);
mutex_lock(&ps->in_lock);
@ -1129,6 +1131,8 @@ int __init_stream(struct packet_stream *ps) {
if (dtls_conn)
dtls_active = dtls_is_active(dtls_conn);
}
else
dtls_shutdown(ps);
if (MEDIA_ISSET(media, SDES) && dtls_active == -1) {
for (GList *l = ps->sfds.head; l; l = l->next) {
@ -1491,8 +1495,10 @@ static void __generate_crypto(const struct sdp_ng_flags *flags, struct call_medi
else {
/* if both SDES and DTLS are supported, we may use the flags to select one
* over the other */
if (MEDIA_ARESET2(this, DTLS, SDES) && flags->dtls_off)
if (MEDIA_ARESET2(this, DTLS, SDES) && flags->dtls_off) {
MEDIA_CLEAR(this, DTLS);
this->fingerprint.hash_func = NULL;
}
/* flags->sdes_off is ignored as we prefer DTLS by default */
/* if we're talking to someone understanding DTLS, then skip the SDES stuff */
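Review bot: The new `else` arm in `__init_stream` calls `dtls_shutdown(ps)`, and the dtls.c section of this commit shows that `dtls_shutdown` ends in `call_stream_crypto_reset(ps)`, which takes `ps->in_lock` (first hunk of this section); if `__init_stream` can ever be entered with `in_lock` already held this becomes a self-deadlock, so the locking precondition of the call should be stated where it is made. The `if` arm is braced while the new `else` arm is not; bracing it and saying why it exists would read `else {` / `/* DTLS no longer offered for this stream: tear down any earlier DTLS state and the keys derived from it */` / `dtls_shutdown(ps);` / `}`. The third hunk clears `this->fingerprint.hash_func` only on the `MEDIA_ARESET2(this, DTLS, SDES)` path, so a media section that had DTLS without SDES is presumably not covered — worth confirming against the surrounding branches, which lie outside the hunk. `__init_stream` and `__generate_crypto` both continue outside their hunks.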


+ 6
- 1
daemon/dtls.c View File

@ -1,6 +1,7 @@
#include "dtls.h"
#include <stdio.h>
#include <stdbool.h>
#include <string.h>
#include <glib.h>
#include <openssl/ssl.h>
@ -786,9 +787,11 @@ void dtls_shutdown(struct packet_stream *ps) {
__DBG("dtls_shutdown");
bool had_dtls = false;
if (ps->ice_dtls.init) {
if (ps->ice_dtls.connected && ps->ice_dtls.ssl) {
had_dtls = true;
SSL_shutdown(ps->ice_dtls.ssl);
}
dtls_connection_cleanup(&ps->ice_dtls);
@ -801,6 +804,7 @@ void dtls_shutdown(struct packet_stream *ps) {
continue;
if (d->connected && d->ssl) {
had_dtls = true;
SSL_shutdown(d->ssl);
dtls(sfd, NULL, &ps->endpoint);
}
@ -816,7 +820,8 @@ void dtls_shutdown(struct packet_stream *ps) {
ps->dtls_cert = NULL;
}
call_stream_crypto_reset(ps);
if (had_dtls)
call_stream_crypto_reset(ps);
}
void dtls_connection_cleanup(struct dtls_connection *c) {
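Review bot: In the last hunk `call_stream_crypto_reset(ps)` now runs only when `had_dtls` is set, and `had_dtls` becomes true only for a connection with `connected && ssl`, so a stream whose DTLS was initialized but never finished its handshake keeps whatever is currently in `ps->crypto`. If SRTP keys can only land in `ps->crypto` once the handshake has completed that is the right gate, but the reasoning is not visible here and should be written down, e.g. `/* only a completed handshake can have installed SRTP keys, so only then is a crypto reset needed */`. The new `if` is an unbraced single statement; `if (had_dtls) {` / `call_stream_crypto_reset(ps);` / `}` matches the braced blocks elsewhere in this function. `dtls_shutdown` begins before the second hunk and its body runs between the hunks shown here.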

