|Summary:||ASTERISK-17103: Unable to establish SRTP if receive INVITE with no SDP|
|Reporter:||Bob Beers (bbeers)||Labels:|
|Date Opened:||2010-12-13 16:26:26.000-0600||Date Closed:||2012-02-27 12:39:51.000-0600|
|Environment:||Attachments:||( 0) 18470-Cisco_Invite_Without_SDP.txt|
|Description:||Asterisk does not include an a=crypto line in SDP of 200 OK after|
receiving an INVITE with no SDP.
encryption=yes in sip.conf.
|Comments:||By: David Woolley (davidw) 2010-12-16 11:12:55.000-0600|
There is a tenuous relationship with ASTERISK-13496, in that I think there are deep problems in the way the first SDP on OK case is handled. I submitted a patch for this against the related ASTERISK-16583, but I think only the short term workaround actually went into the code.
As I remember it, part of the problem is a failure to properly decouple the SDP negotiation from the SIP level dialogue. As I remember it, it tries to treat the SDP on an OK as a funny sort of response, when it is actually a first offer.
By: David Woolley (davidw) 2010-12-16 11:21:52.000-0600
Incidentally, the current issue started life as http://forums.digium.com/viewtopic.php?f=1&t=76452
By: Russell Bryant (russell) 2010-12-16 14:43:56.000-0600
Please include a SIP trace of a call that demonstrates the problem.
By: Bob Beers (bbeers) 2010-12-20 15:18:16.000-0600
I can't get the specific trace until sometime next week, when
my guy is back in the lab where the "offending" CCM is.
Meanwhile I will see if I can recreate the scenario with SIPP.
By: Bob Beers (bbeers) 2011-01-04 10:53:51.000-0600
ok, trace is uploaded. I stripped almost all the dialplan debug
messages and left the relevant leg SIP messages.
Interesting, I think, that asterisk recognized the issue.
Last line of trace is this:
[Jan 3 13:37:44] WARNING: chan_sip.c:8785 process_sdp: Matched device setup to use SRTP, but request was not!
By: Bob Beers (bbeers) 2011-01-25 10:24:32.000-0600
Sorry, attached a patch intended for issue 18674.
Hmmm, can I delete it from this issue?
Anyway, it is not directly relevant to this issue.
edit:issue # where patch should have gone.
By: Kinsey Moore (kmoore) 2012-02-10 08:59:43.870-0600
The documentation in the sample sip config makes it clear that the encryption option only applies to outbound calls. As a workaround, you might try setting your cisco device to "early offer" instead of "delayed offer" if that option is available to you. I'll see what I can do to add this feature (which will only go into trunk since it changes behavior), but if it's more than a couple hours worth of work then this will be closed as a feature request.
By: Kinsey Moore (kmoore) 2012-02-10 11:02:15.726-0600
Keeping some notes here so I don't forget: SRTP is only initialized on incoming invites if there is a crypto offer or on outbound calls if encryption=yes is set. This would need to be provided for in sending out the 200 OK as well.
By: Kinsey Moore (kmoore) 2012-02-27 12:39:51.862-0600
Feature requests are no longer submitted to or accepted through the issue tracker. Feature requests are openly discussed on the mailing lists and Asterisk IRC channels and made note of by Bug Marshals.
If you happen to come back to this issue and have a patch that enables this feature, we're happy to accept patches for features in this issue tracker.
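Added example, not part of the tracker thread or of Asterisk's code: a Python check that scans SIP messages for the condition reported in this issue, an INVITE with no SDP answered by a 200 OK whose SDP offer has no a=crypto line. The sample messages, host names, key placeholder and function names are constructed for the illustration.

```python
import re

# Constructed sample messages; not taken from the attached trace.
INVITE_NO_SDP = ("INVITE sip:1000@pbx.example.test SIP/2.0\r\n"
                 "Call-ID: abc123@ccm.example.test\r\n"
                 "CSeq: 101 INVITE\r\n"
                 "Content-Length: 0\r\n\r\n")
OK_PLAIN_RTP = ("SIP/2.0 200 OK\r\n"
                "Call-ID: abc123@ccm.example.test\r\n"
                "CSeq: 101 INVITE\r\n"
                "Content-Type: application/sdp\r\n\r\n"
                "v=0\r\no=root 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
                "c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
                "m=audio 10000 RTP/AVP 0\r\n"
                "a=rtpmap:0 PCMU/8000\r\n")
OK_SRTP = (OK_PLAIN_RTP.replace("RTP/AVP", "RTP/SAVP")
           + "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER\r\n")

def parse(msg):
    """Split a SIP message into start line, lower-cased headers (long names only), body."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def audio_has_crypto(sdp):
    """True if every m=audio section carries at least one a=crypto line."""
    sections = re.split(r"(?m)^(?=m=)", sdp)[1:]
    audio = [s for s in sections if s.startswith("m=audio")]
    return bool(audio) and all(re.search(r"(?m)^a=crypto:", s) for s in audio)

def unencrypted_delayed_offers(messages):
    """Call-IDs where an SDP-less INVITE got a 200 OK offer without a=crypto."""
    pending, flagged = set(), []
    for msg in messages:
        start, hdrs, body = parse(msg)
        key = (hdrs.get("call-id"), hdrs.get("cseq"))
        if start.startswith("INVITE ") and not body.strip():
            pending.add(key)  # delayed offer: the 200 OK carries the first SDP
        elif start.startswith("SIP/2.0 200") and key in pending:
            pending.discard(key)
            if not audio_has_crypto(body):
                flagged.append(key[0])
    return flagged

if __name__ == "__main__":
    print(unencrypted_delayed_offers([INVITE_NO_SDP, OK_PLAIN_RTP]))
    print(unencrypted_delayed_offers([INVITE_NO_SDP, OK_SRTP]))
```

Run over the messages of a capture in arrival order, it lists the calls that were set up with plain RTP even though the peer is configured with encryption=yes.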