Summary: | ASTERISK-17103: Unable to establish SRTP if receive INVITE with no SDP | ||
Reporter: | Bob Beers (bbeers) | Labels: | |
Date Opened: | 2010-12-13 16:26:26.000-0600 | Date Closed: | 2012-02-27 12:39:51.000-0600 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/SRTP |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) 18470-Cisco_Invite_Without_SDP.txt | |
Description: | Asterisk does not include an a=crypto line in SDP of 200 OK after receiving an INVITE with no SDP. encryption=yes in sip.conf. | ||
Comments: | By: David Woolley (davidw) 2010-12-16 11:12:55.000-0600 There is a tenuous relationship with ASTERISK-13496, in that I think there are deep problems in the way the first SDP on OK case is handled. I submitted a patch for this against the related ASTERISK-16583, but I think only the short term workaround actually went into the code. As I remember it, part of the problem is a failure to properly decouple the SDP negotiation from the SIP level dialogue. As I remember it, it tries to treat the SDP on an OK as a funny sort of reponse, when it is actually a first offer. By: David Woolley (davidw) 2010-12-16 11:21:52.000-0600 Incidentally, the current issue started life as http://forums.digium.com/viewtopic.php?f=1&t=76452 By: Russell Bryant (russell) 2010-12-16 14:43:56.000-0600 Please include a SIP trace of a call that demonstrates the problem. By: Bob Beers (bbeers) 2010-12-20 15:18:16.000-0600 I can't get the specific trace until sometime next week, when my guy is back in the lab where the "offending" CCM is. Meanwhile I will see if I can recreate the scenario with SIPP. By: Bob Beers (bbeers) 2011-01-04 10:53:51.000-0600 ok, trace is uploaded. I stripped almost all the dialplan debug messages and left the relevant leg SIP messages. Interesting, I think, that asterisk recognized the issue. Last line of trace is this: [Jan 3 13:37:44] WARNING[25250]: chan_sip.c:8785 process_sdp: Matched device setup to use SRTP, but request was not! By: Bob Beers (bbeers) 2011-01-25 10:24:32.000-0600 Sorry, attached a patch intended for issue 18674. Hmmm, can I delete it from this issue? Anyway, it is not directly relevant to this issue. edit:issue # where patch should have gone. By: Kinsey Moore (kmoore) 2012-02-10 08:59:43.870-0600 The documentation in the sample sip config makes it clear that the encryption option only applies to outbound calls. As a workaround, you might try setting your cisco device to "early offer" instead of "delayed offer" if that option is available to you. I'll see what I can do to add this feature (which will only go into trunk since it changes behavior), but if it's more than a couple hours worth of work then this will be closed as a feature request. By: Kinsey Moore (kmoore) 2012-02-10 11:02:15.726-0600 Keeping some notes here so I don't forget, srtp is only initialized on incoming invites if there is a crypto offer or on outbound calls if encryption=yes is set. This would need to be provided for in sending out the 200 OK as well. By: Kinsey Moore (kmoore) 2012-02-27 12:39:51.862-0600 Features requests are no longer submitted to or accepted through the issue tracker. Features requests are openly discussed on the mailing lists [1] and Asterisk IRC channels and made note of by Bug Marshals. [1] http://www.asterisk.org/support/mailing-lists If you happen to come back to this issue and have a patch that enables this feature, we're happy to accept patches for features in this issue tracker. |