DTLS/SRTP processing.
#include "janus.h"
#include "debug.h"
#include "dtls.h"
#include "rtcp.h"
#include "events.h"
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/asn1.h>
DTLS/SRTP processing.
- Author
- Lorenzo Miniero loren.nosp@m.zo@m.nosp@m.eetec.nosp@m.ho.c.nosp@m.om
- Copyright
- GNU General Public License v3
Implementation (based on OpenSSL and libsrtp) of the DTLS/SRTP transport. The code takes care of the DTLS handshake between peers and the server, and sets up the proper SRTP and SRTCP context accordingly. A DTLS alert from a peer is reported to the plugin handling that peer by means of the hangup_media callback.
Protocols
◆ DTLS_AUTOCERT_DURATION
#define DTLS_AUTOCERT_DURATION 60*60*24*365
◆ DTLS_DEFAULT_CIPHERS
#define DTLS_DEFAULT_CIPHERS "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK"
◆ DTLS_ELLIPTIC_CURVE
#define DTLS_ELLIPTIC_CURVE NID_X9_62_prime256v1
◆ janus_dtls_are_selfsigned_certs_ok()
gboolean janus_dtls_are_selfsigned_certs_ok(void)
Method to check whether self-signed DTLS certificates are accepted (the default) or not.
◆ janus_dtls_get_local_fingerprint()
gchar *janus_dtls_get_local_fingerprint(void)
Method to return a string representation (SHA-256) of the certificate fingerprint.
◆ janus_dtls_srtp_cleanup()
void janus_dtls_srtp_cleanup(void)
Method to clean up DTLS resources before exiting.
◆ janus_dtls_srtp_init()
gint janus_dtls_srtp_init(const char *server_pem,
                          const char *server_key,
                          const char *password,
                          const char *ciphers,
                          guint16 timeout,
                          gboolean rsa_private_key,
                          gboolean accept_selfsigned)
DTLS stuff initialization.
- Parameters
-
[in] | server_pem | Path to the certificate to use |
[in] | server_key | Path to the key to use |
[in] | password | Password needed to use the key, if any |
[in] | ciphers | DTLS ciphers to use (will use hardcoded defaults, if NULL) |
[in] | timeout | DTLS timeout base, in ms, to use for retransmissions (ignored if not using BoringSSL) |
[in] | rsa_private_key | Whether RSA certificates should be generated, instead of NIST P-256 |
[in] | accept_selfsigned | Whether to accept self-signed certificates (default) or enforce validation |
- Returns
- 0 in case of success, a negative integer on errors
◆ janus_get_dtls_srtp_profile()
const gchar *janus_get_dtls_srtp_profile(int profile)
Helper method to get a string representation of an SRTP profile.
- Parameters
-
[in] | profile | The SRTP profile as exported by a DTLS-SRTP handshake |
- Returns
- A string representation of the profile
◆ janus_get_dtls_srtp_role()
Helper method to get a string representation of a DTLS role.
- Parameters
-
- Returns
- A string representation of the role
◆ janus_get_dtls_srtp_state()
Helper method to get a string representation of a Janus DTLS state.
- Parameters
-
[in] | state | The Janus DTLS state |
- Returns
- A string representation of the state
◆ janus_get_ssl_version()
const char *janus_get_ssl_version(void)
Helper method to return info on the crypto library and its version.
- Returns
- A pointer to a static string with the version
◆ janus_is_dtls()
gboolean janus_is_dtls(char *buf)
Helper method to demultiplex DTLS from other protocols.
- Parameters
-