res_rtp_asterisk: Add SHA-256 support for DTLS and perform DTLS negotiation on RTCP.

This change fixes up DTLS support in res_rtp_asterisk so it can accept and provide
a SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after ICE negotiation
completes. Configuration options to chan_sip have also been added to allow behavior
to be tweaked (such as forcing the AVP type media transports in SDP).

ASTERISK-22961 #close
Reported by: Jay Jideliov

Review: https://reviewboard.asterisk.org/r/3679/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@417677 65c4cc65-6c06-0410-ace0-fbb531ad65f3

UPGRADE.txt

@@ -26,6 +26,20 @@ from 11.10.0 to 11.11.0
    amount of data to the connected client, and the connected client is slow
    to process the received data, the socket may be disconnected. In such
    cases, it may be necessary to adjust this value. Default is 100 ms.
+ - Added a 'force_avp' option for chan_sip. When enabled this option will
+   cause the media transport in the offer or answer SDP to be 'RTP/AVP',
+   'RTP/AVPF', 'RTP/SAVP', or 'RTP/SAVPF' even if a DTLS stream has been
+   configured. This option can be set to improve interoperability with WebRTC
+   clients that don't use the RFC defined transport for DTLS.
+ - The 'dtlsverify' option in chan_sip now has additional values besides
+   'yes' and 'no'. If 'yes' is specified both the certificate and fingerprint
+   will be verified. If 'no' is specified then neither the certificate or
+   fingerprint is verified. If 'certificate' is specified then only the
+   certificate is verified. If 'fingerprint' is specified then only the
+   fingerprint is verified.
+ - A 'dtlsfingerprint' option has been added to chan_sip which allows the
+   hash to be specified for the DTLS fingerprint placed in SDP. Supported
+   values are 'sha-1' and 'sha-256' with 'sha-256' being the default.
 
 from 11.10.0 to 11.10.1
  - MixMonitor AMI actions now require users to have authorization classes.