Re: Bug in SRTP when pjsua_acc_config.use_srtp == PJMEDIA_SRTP_OPTIONAL

Thanks, Johan.  Perhaps I misunderstood the SRTP settings.

I need a way that I can make calls to both SIP: and SIPS: URIs.  When
I make a call to a SIPS: URI, I want to use SRTP.

The code in its current state does not allow me to do that.  If
use_srtp is set to PJMEDIA_SRTP_OPTIONAL, the code requires me to call
SIPS: URIs.

The documentation isn't as clear as I need it to be.  The
documentation for use_srtp says that I can make SRTP not used at all,
optional, or mandatory. For optional SRTP, the documentation addresses
only incoming calls.

On Mon, Apr 10, 2017 at 4:41 AM, JOHAN LANTZ <johan.lantz@xxxxxxxxxxxxxx> wrote:
> Maybe I misunderstand your question but are you sure your problem is not the acc->cfg.srtp_secure_signaling setting?
>
> If that is set to require a secure signalling transport when SRTP is used, changing the value of pjsua_acc_config.use_srtp is probably not going to help if you use a non secure address.
>
> IIRC pjsua_acc_config.use_srtp basically checks if the sdp info contains RTP/AVP or RTP/SAVP and PJMEDIA_SRTP_OPTIONAL would allow both to pass but that is not related to the sip vs sips in the signalling part.
>
> Johan
>
>
>
> On 07/04/2017, 18:46, "pjsip on behalf of David Talmage" <pjsip-bounces@xxxxxxxxxxxxxxx on behalf of sip.phone.fan@xxxxxxxxx> wrote:
>
>>I think I found a bug in the way that PJSIP handles the SRTP settings.
>>Would someone please confirm this?
>>
>>When pjsua_acc_config.use_srtp is not PJMEDIA_SRTP_DISABLED, PJSIP
>>requires SRTP and all calls must be addressed to a sips: URI. PJSIP
>>rejects calls to sip: URIs with the status code
>>PJSIP_ESESSIONINSECURE.
>>
>>The behavior I expect is for PJSIP to fall back to an insecure call
>>when the destination URI is sip: and the value of
>>pjsua_acc_config.use_srtp is PJMEDIA_SRTP_OPTIONAL.
>>
>>The mistake is in pjsua_media.c:call_media_init_cb().  Here is the code:
>>
>>    /* Check if SRTP requires secure signaling */
>>    if (acc->cfg.use_srtp != PJMEDIA_SRTP_DISABLED) {
>>        if (security_level < acc->cfg.srtp_secure_signaling) {
>>            err_code = PJSIP_SC_NOT_ACCEPTABLE;
>>            status = PJSIP_ESESSIONINSECURE;
>>            goto on_return;
>>        }
>>    }
>>
>>I don't have a working solution yet.  It looks easy but perhaps there
>>will be unintended consequences.
>>
>>_______________________________________________
>>Visit our blog: http://blog.pjsip.org
>>
>>pjsip mailing list
>>pjsip@xxxxxxxxxxxxxxx
>>http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org

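The interaction Johan describes, as an added example that is not part of the original messages or of PJSIP's code: a stand-alone C model of the quoted check, showing which destination URIs pass for each `srtp_secure_signaling` value when `use_srtp` is optional. The enum, the function names and the URI-to-level mapping (0 = cleartext, 1 = `;transport=tls`, 2 = `sips:`) are assumptions made for illustration, and the sample URIs are constructed.

```c
#include <ctype.h>
#include <stdio.h>

/* Stand-ins for the pjmedia_srtp_use values named in the thread. */
enum srtp_use { SRTP_DISABLED, SRTP_OPTIONAL, SRTP_MANDATORY };

/* Case-insensitive substring test: 1 if needle occurs in hay. */
static int contains_ci(const char *hay, const char *needle)
{
    for (; *hay; hay++) {
        int i = 0;
        while (needle[i] && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (!needle[i]) return 1;
    }
    return 0;
}

/* Assumed mapping: 2 = sips: URI, 1 = TLS transport only, 0 = cleartext. */
int signaling_level(const char *dst_uri)
{
    if (contains_ci(dst_uri, "sips:")) return 2;
    if (contains_ci(dst_uri, ";transport=tls")) return 1;
    return 0;
}

/* Same comparison as the quoted check. Returns 1 if the call proceeds,
 * 0 where the quoted code fails with PJSIP_ESESSIONINSECURE. */
int srtp_gate_allows(enum srtp_use use_srtp, int srtp_secure_signaling,
                     const char *dst_uri)
{
    return !(use_srtp != SRTP_DISABLED &&
             signaling_level(dst_uri) < srtp_secure_signaling);
}

int main(void)
{
    const char *uris[] = { "sip:bob@example.com", /* constructed URIs */
                           "sip:bob@example.com;transport=tls",
                           "sips:bob@example.com" };
    for (int req = 0; req <= 2; req++)
        for (int u = 0; u < 3; u++)
            printf("srtp_secure_signaling=%d  %-34s %s\n", req, uris[u],
                   srtp_gate_allows(SRTP_OPTIONAL, req, uris[u])
                       ? "allowed" : "PJSIP_ESESSIONINSECURE");
    return 0;
}
```

Only a requirement of 0 lets an SRTP-enabled account reach a plain sip: URI in this model. When SRTP keys are exchanged in SDP (SDES), such a call exposes them to anyone who can read the cleartext signaling.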