kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FS-7425: set dh params and call set_tmp_dh to enable PFS for DTLS-SRTP

This commit is contained in:
Eric Tamme 2015-04-24 10:31:03 -05:00 committed by Brian
parent dbc124d45e
commit b9b1b61d20
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/switch_rtp.c
View File

@ -3075,6 +3075,8 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
switch_dtls_t *dtls; switch_dtls_t *dtls;
int ret; int ret;
const char *kind = ""; const char *kind = "";
BIO *bio;
DH *dh;
#ifndef HAVE_OPENSSL_DTLS_SRTP #ifndef HAVE_OPENSSL_DTLS_SRTP
return SWITCH_STATUS_FALSE; return SWITCH_STATUS_FALSE;
@ -3122,6 +3124,12 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
dtls->ssl_ctx = SSL_CTX_new(DTLSv1_method()); dtls->ssl_ctx = SSL_CTX_new(DTLSv1_method());
switch_assert(dtls->ssl_ctx); switch_assert(dtls->ssl_ctx);
bio = BIO_new_file(dtls->pem, "r");
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
SSL_CTX_set_tmp_dh(dtls->ssl_ctx, dh);
DH_free(dh);
SSL_CTX_set_mode(dtls->ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(dtls->ssl_ctx, SSL_MODE_AUTO_RETRY);
//SSL_CTX_set_verify(dtls->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); //SSL_CTX_set_verify(dtls->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);