Summary: | ASTERISK-25101: DTLS configuration can not be specified in the general section - documentation | ||
Reporter: | Ben Langfeld (benlangfeld) | Labels: | |
Date Opened: | 2015-05-19 09:26:37 | Date Closed: | 2017-06-01 08:34:30 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/SRTP Resources/res_rtp_asterisk Resources/res_srtp |
Versions: | 11.17.1 | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | Linux asterisk 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | Attachments: | ( 0) asterisk.log ( 1) asterisk.pem ( 2) extensions.conf ( 3) sip.conf |
Description: | [Edit by Rusty]
The sip.conf documentation in 11 and 13 doesn't make it clear that DTLS configuration is only per-peer. The documentation in Master points out that you can set it in general. This issue is now for improving the documentation in 11 and 13 to make it clear that DTLS configuration is available in peer configuration only. [End Edit] Using SIP.js as a client over ws:// with the attached sip.conf and extensions.conf, a call from Chrome 39.0.2171.95 (64-bit) receives a response from Asterisk with an SDP containing an empty fingerprint: "a=fingerprint:SHA-256\n". The certificate in use can be found in asterisk.pem. I found some related material, but which did not address this issue directly: ASTERISK-22961 | ||
Comments: | By: Joshua C. Colp (jcolp) 2015-05-19 09:34:10.970-0500 DTLS configuration can not be specified in the general section. It must be specified on the user/friend/peer. Try moving the rest of the DTLS configuration to it and seeing if that helps. By: Ben Langfeld (benlangfeld) 2015-05-19 09:38:30.320-0500 Thanks Josh. I'll send a pull request shortly which fixes the example sip.conf to point this out. Right now, the config file says: ; Note that all configuration options except dtlsenable can be set at the general level. ; If set they will be present on the user or peer unless overridden with a different value. By: Joshua C. Colp (jcolp) 2015-05-19 09:42:43.278-0500 That's applicable to master. A community member wrote support for it and after some code review it went into it. In previous versions it wasn't true. By: Friendly Automation (friendly-automation) 2017-06-01 08:34:30.985-0500 Change 5696 merged by Joshua Colp: sip.conf.sample: Clarify where DTLS settings are permitted [https://gerrit.asterisk.org/5696|https://gerrit.asterisk.org/5696] |