|
Hi Harald, libsrtp requires to have OPENSSL defined, but the srtp_config.h lacks of an ifdef to check, whether PJSIP was configured to use OPENSSL ! I also don't understand, why i have to add the configure flag --with-ssl when it should be autoconfigured when available. There are two issues here, 1.) The core developers should outline in the docs how to enable DTLS GCM support as well as config.h options needed to enable it. 2.) The core developers should check the aconfigure.ac why i have to supply --with-ssl to enable gcm cipher support in the srtp lib. Without --with-ssl, the buildprocess won't complete as there are unresovled symbols (No define of OPENSSL 1). Libsrtp NEEDS "#define OPENSSL 1" to include gcm cipher support or it will fail with unresolved symbols.
TRY !!!: add these lines to the file build/srtp/srtp_config.h (NO LINEBREAKS !!! in the if defined clause !) #if defined(PJMEDIA_SRTP_HAS_AES_GCM_128)&&(PJMEDIA_SRTP_HAS_AES_GCM_128!=0)||defined(PJMEDIA_SRTP_HAS_AES_GCM_256)&&(PJMEDIA_SRTP_HAS_AES_GCM_256!=0)
I used these config_site.h flags: /*SRTP CIPHERS */
Be sure to use --with-ssl at configure time. I was able to compile but not to test, so please report back !
Symbols: nm libsrtp.so.2 |egrep -i 'srtp_aes_gcm_128_openssl|srtp_aes_gcm_256_openssl'
Best regards
Von: pjsip <pjsip-bounces@xxxxxxxxxxxxxxx> im Auftrag von Schuster Harald <hsc@xxxxxxxxxxxxxxxxxxxx>
Gesendet: Mittwoch, 11. Dezember 2019 20:30 An: pjsip@xxxxxxxxxxxxxxx Betreff: SRTP DTLS with AES GCM 128 --> no SRTP Stream Hi I am using a setup with PjProject 2.9 and OpenSSL 1.0.2h. I have the following config_site.h file. I use the LinPhone to test my own device and to establish a call. My device does never establish a call by himself. A normal call and a call with SRTP works fine but a call with DTLS doesn’t work. When the two lines with AES_GCM are removed from the config also the DTLS call works.
I saw in the wireshark trace that the hello client message that is send from my device with pjproject has no “use_srtp” extension. It stops with the “heartbeat” extension. When AES_GCM is removed the “use_srtp” extension exists. Is this a problem with the usage of openssl1.0.2h or is there any error in the configuration?! Does somebody knows this behavior?
In the makefile is use –with-ssl so that the installation of openssl is checked.
config_site.h #define PJ_SSL_SOCK_IMP PJ_SSL_SOCK_IMP_OPENSSL #define PJ_HAS_SSL_SOCK 1 #define PJMEDIA_HAS_SRTP 1 #define PJMEDIA_SRTP_HAS_SDES 1 #define PJMEDIA_SRTP_HAS_DTLS 1
#define PJMEDIA_SRTP_HAS_AES_CM_256 1 #define PJMEDIA_SRTP_HAS_AES_CM_128 1 #define PJMEDIA_SRTP_HAS_AES_GCM_256 1 #define PJMEDIA_SRTP_HAS_AES_GCM_128 1
PJ Logs: 2019-12-11 14:32:57.095170: [debug] dtls0x74213f40 !Failed to get SRTP material: No matching SRTP crypto-suite after DTLS nego (PJMEDIA_SRTP_DTLS_ENOCRYPTO) 2019-12-11 14:32:57.095349: [debug] pjsua_media.c Call 0: Media 0: SRTP negotiation completes: No matching SRTP crypto-suite after DTLS nego (PJMEDIA_SRTP_DTLS_ENOCRYPTO)
Configure: checking for OpenSSL installations.. pjproject-2.9-r2 do_configure: checking openssl/ssl.h usability... pjproject-2.9-r2 do_configure: yes checking openssl/ssl.h presence... pjproject-2.9-r2 do_configure: yes checking for openssl/ssl.h... pjproject-2.9-r2 do_configure: yes checking for ERR_load_BIO_strings in -lcrypto... pjproject-2.9-r2 do_configure: yes checking for SSL_CTX_new in -lssl... pjproject-2.9-r2 do_configure: yes pjproject-2.9-r2 do_configure: OpenSSL library found, SSL support enabled pjproject-2.9-r2 do_configure: checking for EVP_aes_128_gcm in -lcrypto... pjproject-2.9-r2 do_configure: yes pjproject-2.9-r2 do_configure: OpenSSL has AES GCM support, SRTP will use OpenSSL pjproject-2.9-r2 do_configure: Checking if OpenCORE AMR support is disabled... yes
Best regards Harald
|
_______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip@xxxxxxxxxxxxxxx http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
