DTLS/SRTP processing.
#include "janus.h"
#include "debug.h"
#include "dtls.h"
#include "rtcp.h"
#include "events.h"
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/asn1.h>
Macros | |
#define | DTLS_DEFAULT_CIPHERS "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK" |
#define | DTLS_AUTOCERT_DURATION 60*60*24*365 |
#define | DTLS_ELLIPTIC_CURVE NID_X9_62_prime256v1 |
Functions | |
const gchar * | janus_get_dtls_srtp_state (janus_dtls_state state) |
Helper method to get a string representation of a Janus DTLS state. | |
const gchar * | janus_get_dtls_srtp_role (janus_dtls_role role) |
Helper method to get a string representation of a DTLS role. | |
const gchar * | janus_get_dtls_srtp_profile (int profile) |
Helper method to get a string representation of an SRTP profile. | |
gboolean | janus_is_dtls (char *buf) |
Helper method to demultiplex DTLS from other protocols. | |
gboolean | janus_dtls_are_selfsigned_certs_ok (void) |
Method to check whether DTLS self-signed certificates are ok (default) or not. | |
gchar * | janus_dtls_get_local_fingerprint (void) |
Method to return a string representation (SHA-256) of the certificate fingerprint. | |
const char * | janus_get_ssl_version (void) |
Helper method to return info on the crypto library and its version. | |
gint | janus_dtls_srtp_init (const char *server_pem, const char *server_key, const char *password, const char *ciphers, guint16 timeout, gboolean rsa_private_key, gboolean accept_selfsigned) |
DTLS stuff initialization. | |
void | janus_dtls_srtp_cleanup (void) |
Method to cleanup DTLS stuff before exiting. | |
janus_dtls_srtp * | janus_dtls_srtp_create (void *ice_component, janus_dtls_role role) |
Create a janus_dtls_srtp instance. | |
void | janus_dtls_srtp_handshake (janus_dtls_srtp *dtls) |
Start a DTLS handshake. | |
int | janus_dtls_srtp_create_sctp (janus_dtls_srtp *dtls) |
Create an SCTP association, for data channels. | |
void | janus_dtls_srtp_incoming_msg (janus_dtls_srtp *dtls, char *buf, uint16_t len) |
Handle an incoming DTLS message. | |
void | janus_dtls_srtp_send_alert (janus_dtls_srtp *dtls) |
Send an alert on a janus_dtls_srtp instance. | |
void | janus_dtls_srtp_destroy (janus_dtls_srtp *dtls) |
Destroy a janus_dtls_srtp instance. | |
void | janus_dtls_callback (const SSL *ssl, int where, int ret) |
DTLS alert callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html) | |
int | janus_dtls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx) |
DTLS certificate verification callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html) | |
gboolean | janus_dtls_retry (gpointer stack) |
DTLS retransmission timer. | |
DTLS/SRTP processing.
Implementation (based on OpenSSL and libsrtp) of the DTLS/SRTP transport. The code takes care of the DTLS handshake between peers and the server, and sets up the proper SRTP and SRTCP contexts accordingly. A DTLS alert from a peer is notified to the plugin handling that peer by means of the hangup_media callback.
#define DTLS_AUTOCERT_DURATION 60*60*24*365 |
#define DTLS_DEFAULT_CIPHERS "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK" |
#define DTLS_ELLIPTIC_CURVE NID_X9_62_prime256v1 |
gboolean janus_dtls_are_selfsigned_certs_ok | ( | void | ) |
Method to check whether DTLS self-signed certificates are ok (default) or not.
void janus_dtls_callback | ( | const SSL * | ssl, |
int | where, | ||
int | ret ) |
DTLS alert callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html)
[in] | ssl | SSL instance where the alert occurred |
[in] | where | The context where the event occurred |
[in] | ret | The error code |
gchar * janus_dtls_get_local_fingerprint | ( | void | ) |
Method to return a string representation (SHA-256) of the certificate fingerprint.
gboolean janus_dtls_retry | ( | gpointer | stack | ) |
DTLS retransmission timer.
Because libnice, not OpenSSL, actually sends and receives the data, OpenSSL cannot handle retransmissions by itself: this timed callback (registered via g_source_set_callback) takes care of them.
[in] | stack | Opaque pointer to the janus_dtls_srtp instance to use |
void janus_dtls_srtp_cleanup | ( | void | ) |
Method to cleanup DTLS stuff before exiting.
janus_dtls_srtp * janus_dtls_srtp_create | ( | void * | component, |
janus_dtls_role | role ) |
Create a janus_dtls_srtp instance.
[in] | component | Opaque pointer to the component that owns and will use the stack |
[in] | role | The role of the DTLS stack (client/server) |
int janus_dtls_srtp_create_sctp | ( | janus_dtls_srtp * | dtls | ) |
Create an SCTP association, for data channels.
[in] | dtls | The janus_dtls_srtp instance to setup SCTP on |
void janus_dtls_srtp_destroy | ( | janus_dtls_srtp * | dtls | ) |
Destroy a janus_dtls_srtp instance.
[in] | dtls | The janus_dtls_srtp instance to destroy |
void janus_dtls_srtp_handshake | ( | janus_dtls_srtp * | dtls | ) |
Start a DTLS handshake.
[in] | dtls | The janus_dtls_srtp instance to start the handshake on |
void janus_dtls_srtp_incoming_msg | ( | janus_dtls_srtp * | dtls, |
char * | buf, | ||
uint16_t | len ) |
Handle an incoming DTLS message.
[in] | dtls | The janus_dtls_srtp instance the incoming message belongs to |
[in] | buf | The DTLS message data |
[in] | len | The DTLS message data length |
gint janus_dtls_srtp_init | ( | const char * | server_pem, |
const char * | server_key, | ||
const char * | password, | ||
const char * | ciphers, | ||
guint16 | timeout, | ||
gboolean | rsa_private_key, | ||
gboolean | accept_selfsigned ) |
DTLS stuff initialization.
[in] | server_pem | Path to the certificate to use |
[in] | server_key | Path to the key to use |
[in] | password | Password needed to use the key, if any |
[in] | ciphers | DTLS ciphers to use (will use hardcoded defaults, if NULL) |
[in] | timeout | DTLS timeout base, in ms, to use for retransmissions (ignored if not using BoringSSL) |
[in] | rsa_private_key | Whether RSA certificates should be generated, instead of NIST P-256 |
[in] | accept_selfsigned | Whether to accept self-signed certificates (default) or enforce validation |
void janus_dtls_srtp_send_alert | ( | janus_dtls_srtp * | dtls | ) |
Send an alert on a janus_dtls_srtp instance.
[in] | dtls | The janus_dtls_srtp instance to send the alert on |
int janus_dtls_verify_callback | ( | int | preverify_ok, |
X509_STORE_CTX * | ctx ) |
DTLS certificate verification callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
This method always returns 1 (true), so that a requested certificate verification never fails the handshake. This is needed because all certificates used for DTLS in WebRTC are self-signed, and as such a formal chain validation would fail. See also the accept_selfsigned parameter of janus_dtls_srtp_init, which controls whether self-signed certificates are accepted (the default) or validation is enforced.
[in] | preverify_ok | Whether the verification of the certificate was passed |
[in] | ctx | context used for the certificate verification |
const gchar * janus_get_dtls_srtp_profile | ( | int | profile | ) |
Helper method to get a string representation of an SRTP profile.
[in] | profile | The SRTP profile as exported by a DTLS-SRTP handshake |
const gchar * janus_get_dtls_srtp_role | ( | janus_dtls_role | role | ) |
Helper method to get a string representation of a DTLS role.
[in] | role | The DTLS role |
const gchar * janus_get_dtls_srtp_state | ( | janus_dtls_state | state | ) |
Helper method to get a string representation of a Janus DTLS state.
[in] | state | The Janus DTLS state |
const char * janus_get_ssl_version | ( | void | ) |
Helper method to return info on the crypto library and its version.
gboolean janus_is_dtls | ( | char * | buf | ) |
Helper method to demultiplex DTLS from other protocols.
[in] | buf | Buffer to inspect |