asterisk

Commit Graph

Author	SHA1	Message	Date
Richard Mudgett	f3cdc37300	AST-2017-008: Improve RTP and RTCP packet processing. Validate RTCP packets before processing them. * Validate that the received packet is of a minimum length and apply the RFC3550 RTCP packet validation checks. * Fixed potentially reading garbage beyond the received RTCP record data. * Fixed rtp->themssrc only being set once when the remote could change the SSRC. We would effectively stop handling the RTCP statistic records. * Fixed rtp->themssrc to not treat a zero value as special by adding rtp->themssrc_valid to indicate if rtp->themssrc is available. ASTERISK-27274 Make strict RTP learning more flexible. Direct media can cause strict RTP to attempt to learn a remote address again before it has had a chance to learn the remote address the first time. Because of the rapid relearn requests, strict RTP could latch onto the first remote address and fail to latch onto the direct media remote address. As a result, you have one way audio until the call is placed on and off hold. The new algorithm learns remote addresses for a set time (1.5 seconds) before locking the remote address. In addition, we must see a configured number of remote packets from the same address in a row before switching. * Fixed strict RTP learning from always accepting the first new address packet as the new stream. * Fixed strict RTP to initialize the expected sequence number with the last received sequence number instead of the last transmitted sequence number. * Fixed the predicted next sequence number calculation in rtp_learning_rtp_seq_update() to handle overflow. ASTERISK-27252 Change-Id: Ia2d3aa6e0f22906c25971e74f10027d96525f31c	8 years ago
Joshua Colp	b7c84650b1	Merge "res_rtp_asterisk: Only learn a new source in learn state." into 11	8 years ago
Corey Farrell	e918cb2b1e	AST-2017-006: Fix app_minivm application MinivmNotify command injection An admin can configure app_minivm with an externnotify program to be run when a voicemail is received. The app_minivm application MinivmNotify uses ast_safe_system() for this purpose which is vulnerable to command injection since the Caller-ID name and number values given to externnotify can come from an external untrusted source. * Add ast_safe_execvp() function. This gives modules the ability to run external commands with greater safety compared to ast_safe_system(). Specifically when some parameters are filled by untrusted sources the new function does not allow malicious input to break argument encoding. This may be of particular concern where CALLERID(name) or CALLERID(num) may be used as a parameter to a script run by ast_safe_system() which could potentially allow arbitrary command execution. * Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp() instead of ast_safe_system() to avoid command injection. * Document code injection potential from untrusted data sources for other shell commands that are under user control. ASTERISK-27103 Change-Id: I7552472247a84cde24e1358aaf64af160107aef1	8 years ago
Joshua Colp	d8d3f12720	res_rtp_asterisk: Only learn a new source in learn state. This change moves the logic which learns a new source address for RTP so it only occurs in the learning state. The learning state is entered on initial allocation of RTP or if we are told that the remote address for the media has changed. While in the learning state if we continue to receive media from the original source we restart the learning process. It is only once we receive a sufficient number of RTP packets from the new source that we will switch to it. Once this is done the closed state is entered where all packets that do not originate from the expected source are dropped. The learning process has also been improved to take into account the time between received packets so a flood of them while in the learning state does not cause media to be switched. Finally RTCP now drops packets which are not for the learned SSRC if strict RTP is enabled. ASTERISK-27013 Change-Id: I56a96e993700906355e79bc880ad9d4ad3ab129c	8 years ago
zuul	c5e8dc65ab	Merge "res_fax: Fix a tight race condition causing fax to crash in audio fallback" into 11	9 years ago
Torrey Searle	c0c041d9c7	res_fax: Fix a tight race condition causing fax to crash in audio fallback When T.38 gets rejected and G711 failback occurs there is a period of time where neither AST_FAX_TECH_T38 nor AST_FAX_TECH_AUDIO is set, leading to a crash. Change-Id: Icc3f457b2292d48a9d7843dac0028347420cc982	9 years ago
Torrey Searle	847ead5a9a	res_rtp_asterisk: Fix infinite DTMF issue when switching to P2P bridge If a bridge switched to P2P when a DTMF was in progress it was possible for the DTMF to continue being sent indefinitely. Change-Id: I7e2a3efe0d59d4b214ed50cd0b5d0317e2d92e29	9 years ago
Richard Mudgett	76e5c36c29	res_fax: Fix deadlock in ast_channel_get_t38_state(). ast_channel_get_t38_state() calls ast_channel_queryoption() with AST_OPTION_T38_STATE. If the passed in channel is a local channel then a deadlock can happen if a channel lock is held when called. * Made ast_channel_get_t38_state() callers not hold a channel lock before calling. * Update ast_channel_get_t38_state() doxygen to note that no channel locks can be held when calling the function. ASTERISK-26203 #close Reported by: Etienne Lessard ASTERISK-24822 #close Reported by: David Brillert ASTERISK-22732 #close Reported by: Richard Mudgett Change-Id: I49fd76fa9af628b4198009b5c0b82c8b03681214	10 years ago
Richard Mudgett	2e7ad40f41	res_fax.c, res_fax_spandsp.c: Misc deadlock fixes. * Fixed locking inconsistency in fax_gateway_start() when calling the gateway technology start_session callback. The callback was called with and without the channel lock held. Calling the callback with the channel lock held could deadlock in spandsp_fax_gateway_start() which calls ast_channel_get_t38_state(). * Fixed deadlock potential in fax_detect_framehook() when calling ast_channel_make_compatible(). ASTERISK-26203 Reported by: Etienne Lessard ASTERISK-24822 Reported by: David Brillert ASTERISK-22732 Reported by: Richard Mudgett Change-Id: I5a7b8e9e7b198802df06dff0ea48d96bd6d7b912	10 years ago
Richard Mudgett	8015550116	res_fax.c: Fix deadlock in fax_gateway_indicate_t38(). fax_gateway_indicate_t38() calls ast_indicate_data() which cannot be called with any channel locks already held. A deadlock can happen if the function is operating on a local channel. * Made fax_gateway_indicate_t38() unlock the channel before calling ast_indicate_data() since fax_gateway_indicate_t38() is always called with the channel locked. * Made fax_gateway_indicate_t38() return void since nothing cared about its return value. ASTERISK-26203 Reported by: Etienne Lessard ASTERISK-24822 Reported by: David Brillert ASTERISK-22732 Reported by: Richard Mudgett Change-Id: I701ff2d26c5fc23e0d5a48a3fd98759a9fd09407	10 years ago
Richard Mudgett	e79bf5539f	res_fax.c: Add chan locked precondition comments. Change-Id: Ic10ae434536bbf7fb7055d6ab36cc50b8748a4e7	10 years ago
Richard Mudgett	6429a27b88	ast_framehook_detach() must be called with the channel locked. The framehook container could become corrupted if the channel lock is not held before calling. Change-Id: If0a1c7ba0484ed3a191106a7516526b905952584	10 years ago
Richard Mudgett	258705cfcd	res_fax: Fix latent bug exposed by ASTERISK-24841 changes. Three fax related tests started failing as a result of changes made for ASTERISK-24841: tests/fax/pjsip/gateway_t38_g711 tests/fax/sip/gateway_mix1 tests/fax/sip/gateway_mix3 Historically, ast_channel_make_compatible() did nothing if the channels were already "compatible" even if they had a sub-optimal translation path already setup. With the changes from ASTERISK-24841 this is no longer true in order to allow the best translation paths to always be picked. In res_fax.c:fax_gateway_framehook() code manually setup the channels to go through slin and then called ast_channel_make_compatible(). With the previous version of ast_channel_make_compatible() this was always a no-operation. * Remove call to ast_channel_make_compatible() in fax_gateway_framehook() that now undoes what was just setup when the framehook is attached. * Fixed locking around saving the channel formats in fax_gateway_framehook() to ensure that the formats that are saved are consistent. * Fix copy pasta errors in fax_gateway_framehook() that confuses read and write when dealing with saved channel formats. ASTERISK-24841 Reported by: Matt Jordan Backported from v13 revision `82bc0fd3ad` mainly to get the diff between v11 and v13 smaller but this also fixes a potential deadlock when dealing with the chan and the peer together. Change-Id: I6fda0877104a370af586a5e8cf9e161a484da78d	10 years ago
Richard Mudgett	dd600f60be	res_fax.c: Remove redundant locking. When FAX was developed, apparently the faxregistry.container used to be a linked list that was converted to an ao2 container. Some of the replacement ao2 container operations still had explicit lock/unlocks around them. Two off nominal code paths in res_fax.c unlock the channel even though the routine did not lock the channel and other code paths in the routine do not unlock the channel. Review: https://reviewboard.asterisk.org/r/4340/ Backported from v13 revision `fa80d9658d`. Change-Id: I59a1b95a91dac8375e0db568ddb217bcd6d7d2fa	10 years ago
Richard Mudgett	350c866eb5	res_fax: Fix some curlies on the end of function definitions. Backported from v13 revision `6c426e86bd`. Change-Id: Iaa561a17c88d4383971f4b4fc8cee24318e779c4	10 years ago
Alexander Traud	cdc1af48e6	res_rtp_asterisk: Count a roll-over of the sequence number even on lost packets. With this change, the initial RTP sequence number is randomly chosen not between 0 and 65535 (0xffff) but 0 and 32767 (0x7fff). This assures, the roll-over counter (ROC) synchronization is not lost for sRTP, when the very first RTP packets get lost; see http://srtp.sourceforge.net/faq.html#Q6 ASTERISK-26207 #close Change-Id: I9a527e3aa3ce8f3becc5131d7ba32b57b5845464	10 years ago
zuul	adb5f3bf9b	Merge "res_rtp_asterisk: Enable Forward Secrecy (PFS) for DTLS." into 11	10 years ago
Alexander Traud	8653da4fa2	res_rtp_asterisk: Enable Forward Secrecy (PFS) for DTLS. Since July 2014, TLS based protocols (SIP over TLS, Secure WebSockets, HTTPS) support PFS thanks to ASTERISK-23905. In July 2015, the same feature was added for DTLS. The source code from main/tcptls.c should have been re-used to ease security audits. Therefore, this change rolls back the change from July 2015 and re-uses the code from July 2014. This has the additional benefits to work under CentOS 7 and enabling not just ECDHE but DHE based cipher suites as well. ASTERISK-25659 #close Reported by: StefanEng86, urbaniak, pay123 Tested by: sarumjanuch, traud patches: res_rtp_asterisk.patch submitted by sarumjanuch dtls_centos_step_1.patch submitted by traud dtls_centos_step_2.patch submitted by traud Change-Id: I537cadf4421f092a613146b230f2c0ee1be28d5c	10 years ago
zuul	1affbd9449	Merge "res_fax: Fix reference leak in fax_v21_session_new." into 11	10 years ago
Corey Farrell	d4f0cc5ec5	res_fax: Fix reference leak in fax_v21_session_new. fax_v21_session_new created a session details object but only released the allocation reference during error conditions. fax_session_new adds it's own reference to details if needed so the caller is always responsible for cleaning it's own reference. ASTERISK-26141 #close Change-Id: Ie7fc52a83b6596ce9ce2d5a2bd9f3e204f48fc88	10 years ago
George Joseph	9548ccca0e	res_rtp_asterisk: Fix a self-comparison identified by gcc 6 gcc 6 caught a previously unidentified self-comparison in ice_candidate_cmp. Fixed it and re-ordered the predicates for better short-circuiting. ASTERISK-26140 #close Change-Id: I3da713c568e24064430257b3502fbdafd35af7a7	10 years ago
zuul	ff2573bc3a	Merge "res_rtp_asterisk: fix memory leak in dtls" into 11	10 years ago
Torrey Searle	63f041dc6b	res_rtp_asterisk: fix memory leak in dtls ensure that cert bios get freed after creating the fingerprint ASTERISK-26129 #close Change-Id: I44d23aea07dce80176ca1ff877c5ace9452ef451	10 years ago
Alexander Traud	eeae30db50	res_rtp_asterisk: Use latest DTLS version available by underlying platform. Do not use DTLSv1_method() but DTLS_method() when available in OpenSSL of the underlying platform. This change enables DTLS 1.2 since OpenSSL 1.0.2, for WebRTC (DTLS-SRTP via SIP-over-WebSockets). This change enables AEAD-based cipher-suites. ASTERISK-26130 #close Change-Id: I41f24448d6d2953e8bdb97c9f4a6bc8a8f055fd0	10 years ago
Alexei Gradinari	7133572cf8	fix: memory and resource leaks ASTERISK-26119 #close Change-Id: Iecbf7d0f360a021147344c4e83ab242fd1e7512c	10 years ago
Alexander Traud	effa207bc4	res_srtp: Instead of libSRTP use OpenSSL as random source. Since libSRTP 1.5, its Random Number Generator (RNG) is not maintained anymore. Therefore, the symbol RAND_bytes is used instead of crypto_get_random. ASTERISK-24436 #close Change-Id: Iea0bae4d4e3c9aa0926ea442b6484b5159789d96	10 years ago
Alexei Gradinari	987ec85681	res_fax/t38_gateway: Peer V.21 session is created on wrong channel The channel and peer V.21 sessions are created on the same channel now. The peer V.21 session should be created only on peer channel when one of channel can handle T.38. Also this patch enable debug for T.38 gateway session if global fax debug enabled. ASTERISK-25982 Change-Id: I78387156ea521a77eb0faf170179ddd37a50430e	10 years ago
Walter Doekes	7878141198	musiconhold: Only warn if music class is not found in memory and database. The log message when a MusicOnHold music class was not found was changed from debug level to WARNING level in Asterisk 11.19 and 13.5. For those using realtime musiconhold, this message is wrong because it warns before checking the database. This changeset delays the warning until after the database has been checked. Reported-by: Conrad de Wet ASTERISK-25444 #close Change-Id: I6cfb2db2f9cfbd2bb3d30566ecae361c4abf6dbf	10 years ago
Christof Lauber	8ba5eb42f5	res_config_sqlite3: Fix crashes when reading peers from sqlite3 tables Introduced realloaction of ast_str buf in sqlite3_escape functions in case the returned buffer from threadstorage was actually too small. Change-Id: I3c5eb43aaade93ee457943daddc651781954c445	10 years ago
Karsten Wemheuer	78fb989209	res_xmpp: Does not connect in component mode The module res_xmpp does not accept usernames in the form used in component mode (XEP-0114). In component mode there is no @something in the name. In component mode the connection is now not dropped anymore. If the xmpp server sends out a "stream" tag before handshake is finished, the connection gets dropped in res_xmpp. Now this tag will be ignored and the connection will be established. After connecting there will be an exchange of presence states. This does not work as expected in component mode. The responsible function "xmpp_pak_presence" is left before the states get sent out. Sending presence states in component mode is now moved to the top of the function. ASTERISK-25735 #close Change-Id: I70e036f931c3124ebb2ad1e56f93ed35cfdd9d5c	10 years ago
Sean Bright	2d29e67567	res_musiconhold: Prevent multiple simultaneous reloads. There are two ways in which the reload() function in res_musiconhold can be called from the CLI: * module reload res_musiconhold.so * moh reload In the former case, the module loader holds a lock that prevents multiple concurrent calls, but in the latter there is no such protection. This patch changes the 'moh reload' CLI command to invoke the module loader directly, rather than call reload() explicitly. ASTERISK-25687 #close Change-Id: I408968b4c8932864411b7f9ad88cfdc7b9ba711c	10 years ago
Joshua Colp	2012acac20	Merge "res_crypto: Perform cleanup at shutdown." into 11	10 years ago
Corey Farrell	006ce3679c	res_calendar: Cleanup scheduler context at unload. ASTERISK-25679 #close Change-Id: I839159bf6882cccc1b23494c7aa2bc2a2624613f	10 years ago
Corey Farrell	d2fd720290	res_crypto: Perform cleanup at shutdown. This change causes res_crypto to unregister CLI at shutdown while still preventing the module from being unloaded. ASTERISK-25673 #close Change-Id: Ie5d57338dc2752abfc0dd05d0eec86413f2304fc	10 years ago
Dade Brandon	10435bfa69	res_http_websocket.c: prevent avoidable disconnections caused by write errors Updated ast_websocket_write to encode the entire frame in to one write operation, to ensure that we don't end up with a situation where the websocket header has been sent, while the body can not be written. Previous to August's patch in commit `b9bd3c14`, certain network conditions could cause the header to be written, and then the sub-sequent body to fail - which would cause the next successful write to contain a new header, and a new body (resulting in the peer receiving two headers - the second of which would be read as part of the body for the first header). This was patched to have both write operations individually fail by closing the websocket. In a case available to the submitter of this patch, the same body which would consistently fail to write, would succeed if written at the same time as the header. This update merges the two operations in to one, adds debug messages indicating the reason for a websocket connection being closed during a write operation, and clarifies some variable names for code legibility. Change-Id: I4db7a586af1c7a57184c31d3d55bf146f1a40598	10 years ago
Kevin Harwell	3066b80259	res_rtp_asterisk: rtp->ice check not wrapped in USE_PJPROJECT ifdef Change-Id: I19b49112e1b630bd04e859f14ccf96f8ebd6b151	10 years ago
Dade Brandon	6dc4aacaed	res_rtp_asterisk: Resolve further timing issues with DTLS negotiation Resolves an edge case dtls negotiation delay for certain networks which somehow manage to drop the rtcp side's packet when these are both sent ast_rtp_remote_address_set, causing it to have to time-out and restart the handshake. Move dtls pending bio flush in to it's own function, and call it from ast_rtp_on_ice_complete, when we're rtp->ice, rather than when ast_rtp_remote_address_set. Keep the existing flush from the recent change to res_rtp_remote_address_set if ice is not being used. ASTERISK-25614 #close Reported-by: XenCALL Tested by: XenCALL Change-Id: Ie2caedbdee1783159f375589b6fd3845c8577ba5	10 years ago
server-pandora	5e6b1476a0	res_rtp_asterisk.c: Fix DTLS negotiation delays. - Trigger pending DTLS packets to send out, once the RTP instance's remote address is set. - Avoids locking the DTLS structure unnecessarily by only doing this if DTLS is passive. - Add DTLS locks around the structurally sensitive calls in the SSL portion of __rtp_recvfrom, since dtls_srtp_check_pending does not lock inside of itself, and we're dealing with the SSL BIO in at least two threads. WebRTC channels may receive a DTLS handshake before ast_rtp_remote_address_set is called, which causes there to be a pending response to send out. Previous to 1ad827, this was handled by calling dtls_srtp_check_pending on receipt of any RTP packet - a STUN or RTP packet could trigger the pending handshake response. Since that was rightfully removed, whenever the DTLS handshake is received before the remote address is set, we would have to wait until another SSL packet arrives. As of Chrome M47's optimizations to their handshake process, WebRTC conversations between Chrome M47+ and Asterisk, where Asterisk is passive, experience a 1 second delay without this patch, because the SSL handshake is received before ICE negotation stores the remote_address, and the next SSL packet isn't received until after a 1 second timeout in Chrome, which causes a new handshake request. ASTERISK-25614 #close Change-Id: I547f1be7e302dbf71f6553dd8cbc0657b1d0b908	10 years ago
Kevin Harwell	92f631e2f4	fastagi: record file closed after sending result The fastagi record-file testsuite test sometimes fails reporting an empty recorded file. This was happening because Asterisk was sending the agi result notification prior to actually closing the file and the data, being buffered, had not been written to the file yet when the test attempts to check the file size. This patch makes it so the record file stream is closed prior to sending the agi result notification. ASTERISK-25593 #close Change-Id: I6b2b3be3ae37f7c7b18e672c419a89b3b8513cde	10 years ago
Steve Davies	e74110188d	Further fixes to improper usage of scheduler When ASTERISK-25449 was closed, a number of scheduler issues mentioned in the comments were missed. These have since beed raised in ASTERISK-25476 and elsewhere. This patch attempts to collect all of the scheduler issues discovered so far and address them sensibly. ASTERISK-25476 #close Change-Id: I87a77d581e2e0d91d33b4b2fbff80f64a566d05b	10 years ago
Richard Mudgett	9f4892ece4	res_config_pgsql.c: Fix deadlock loading realtime configuration. On v13, loading several thousand PJSIP endpoints on Asterisk start causes a deadlock most of the time. Thanks to mdu113 for discovering that there was a call to pgsql_exec() not protected by the pgsql_lock reentrancy lock. {quote} I believe a code path exists that attempts to use pgsql connection without locking pgsql_lock. I believe what happens during that deadlock that I see is two concurrent threads are both attempting to send query to pgsql, one of the thread is using a code path without locking pgsql_lock. If they managed to send queries at the same time, it seems postgres ignores one of the queries and replies only to the one of them. If it happens so that the thread holding the lock didn't receive the reply it will wait for it (and hold the lock) forever (or at least for very long time), thus completely blocking all access to db. {quote} * Added missing reentrancy locking around pgsql_exec() in find_table(). * Moved unlock of pgsql_lock in unload_module() to avoid locking inversion between the psql_tables list lock and the pgsql_lock. ASTERISK-25455 #close Reported by: mdu113 Patches: res_config_pgsql.c-connlock2.diff (license #5543) patch uploaded by mdu113 Change-Id: Id9e7cdf8a3b65ff19964b0cf942ace567938c4e2	10 years ago
Matt Jordan	44efdbd2de	res/res_rtp_asterisk: Fix assignment after ao2 decrement When we decide we will no longer schedule an RTCP write, we remove the reference to the RTP instance, then assign -1 to the stored scheduler ID in case something else comes along and wants to see if anything is scheduled. That scheduler ID is on the RTP instance. After `60a9172d7e` was merged to fix the regression introduced by `3cf0f29310`, this improper assignment on a potentially destroyed object started getting tripped on the build agents. Frankly, this should have been crashing a lot more often earlier. I can only assume that the timing was changed just enough by both changes to start actually hitting this problem. As it is, simply moving the assignment prior to the ao2 deference is sufficient to keep the RTP instance from being referenced when it is very, truly, aboslutely dead. (Note that it is still good practice to assign -1 to the scheduler ID when we know we won't be scheduling it again, as the ao2 deref may not always destroy the ao2 object.) ASTERISK-25449 Change-Id: Ie6d3cb4adc7b1a6c078b1c38c19fc84cf787cda7	10 years ago
Matt Jordan	60a9172d7e	Fix improper usage of scheduler exposed by `5c713fdf18` When `5c713fdf18` was merged, it allowed for scheduled items to have an ID of '0' returned. While this was valid per the documentation for the API, it was apparently never returned previously. As a result, several users of the scheduler API viewed the result as being invalid, causing them to reschedule already scheduled items or otherwise fail in interesting ways. This patch corrects the users such that they view '0' as valid, and a returned ID of -1 as being invalid. Note that the failing HEP RTCP tests now pass with this patch. These tests failed due to a duplicate scheduling of the RTCP transmissions. ASTERISK-25449 #close Change-Id: I019a9aa8b6997584f66876331675981ac9e07e39	10 years ago
Joshua Colp	fa0985851a	res_rtp_asterisk: Move "Set role" warning to be debug. In practice the set_role API callback can be invoked even when no ICE is present on an RTP instance. This can occur if ICE has not been enabled on it. ASTERISK-25438 #close Change-Id: I0e17e4316f0f0d7f095c78c3d4fd73a913b6ba69	10 years ago
David M. Lee	819760baec	res_rtp_asterisk: Add more ICE debugging In working through a recent ICE negotiation bug, I found the debug logging in res_rtp_asterisk to be lacking. This patch adds a number of debug and warning statements that were helpful. Change-Id: I950c6d8f13a41f14b3d6334b4cafe7d4e997be80	10 years ago
David M. Lee	94b764c8f3	Fix when remote candidates exceed PJ_ICE_MAX_CAND We were passing the wrong count into pj_ice_sess_create_check_list(), causing the create to fail if we ever received more than PJ_ICE_MAX_CAND candidates. Change-Id: I0303d8e1ecb20a8de9fe629a3209d216c4028378	11 years ago
Joshua Colp	b9bd3c1435	res_http_websocket: Forcefully terminate on write errors. The res_http_websocket module will currently attempt to close the WebSocket connection if fatal cases occur, such as when attempting to write out data and being unable to. When the fatal cases occur the code attempts to write a WebSocket close frame out to have the remote side close the connection. If writing this fails then the connection is not terminated. This change forcefully terminates the connection if the WebSocket is to be closed but is unable to send the close frame. ASTERISK-25312 #close Change-Id: I10973086671cc192a76424060d9ec8e688602845	11 years ago
David M. Lee	06b464ab1b	Replace htobe64 with htonll We don't have a compatability function to fill in a missing htobe64; but we already have one for the identical htonll. Change-Id: Ic0a95db1c5b0041e14e6b127432fb533b97e4cac	11 years ago
Joshua Colp	c7a1dca4ba	res_rtp_asterisk: Don't leak temporary key when enabling PFS. A change recently went in which enabled perfect forward secrecy for DTLS in res_rtp_asterisk. This was accomplished two different ways depending on the availability of a feature in OpenSSL. The fallback method created a temporary instance of a key but did not free it. This change fixes that. ASTERISK-25265 Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396	11 years ago
Mark Duncan	2d2e741905	res/res_rtp_asterisk: Add ECDH support This will add ECDH support to Asterisk. It will detect auto ECDH support in OpenSSL (1.0.2b and above) during ./configure. If this is available, it will use it, otherwise it will fall back to prime256v1 (this behavior is consistent with other projects such as Apache and nginx). This fixes WebRTC being broken in Firefox 38+ due to Firefox now only supporting ciphers with perfect forward secrecy. ASTERISK-25265 #close Change-Id: I8c13b33a2a79c0bde2e69e4ba6afa5ab9351465b	11 years ago

1 2 3 4 5 ...

2076 Commits (f3cdc37300eb796677c874912ae13f283cb70f13)