patching Asterisk DTLS-SRTP for firefox/iceweasel (was: tracking asterisk backports uploads in Git?)

Mon Feb 3 14:58:46 UTC 2014

On 25/01/14 22:12, Tzafrir Cohen wrote:
> On Sat, Jan 25, 2014 at 08:57:02PM +0100, Daniel Pocock wrote:
>> On 24/01/14 18:28, Jeremy Lainé wrote:
>>> On 01/24/2014 05:21 PM, Daniel Pocock wrote:
>>>> I realize it is trivial, but would you consider putting those extra
>>>> changelog entries on a wheezy-backports branch?  It makes it really
>>>> obvious for any other user who wants to play with it on wheezy.
>>>>
>>> OK, I have just done so and will keep it updated in the future.
>>>
>>>> Could you also have a look at the patch from Nitish in Digium issue
>>>> 22961 and consider having it in Debian?  I put it on a branch (also
>>>> mentioned on the asterisk-dev list):
>>>>
>>>>
>>>> http://anonscm.debian.org/gitweb/?p=pkg-voip/asterisk.git;a=shortlog;h=refs/heads/dtls-srtp-patch
>>>>
>>>> https://issues.asterisk.org/jira/browse/ASTERISK-22961
>>> From a quick read through the bug report it does not seem that a
>>> consensus has been reached on the solution, or am I mistaken?
>> With or without consensus, the high level issue has been fairly constant
>> for over a year now: Mozilla/Firefox is using SHA-256, a fairly standard
>> algorithm offered by OpenSSL and the DTLS-SRTP standard and official
>> Asterisk releases don't accept it.
>>
>> If you look back at where the email thread starts in January 2013,
>> Digium were not keen to expend effort on this for commercial rather than
>> technical reasons (my impression is they don't want to spend engineering
>> time on something that may evolve further), see the "once everything
>> gets settled" comment:
>>
>> http://lists.digium.com/pipermail/asterisk-dev/2013-January/058222.html
>>
>> This is quite logical from a commercial point of view, time spent
>> tweaking this every time Firefox or Chrome changes may be a big drain on
>> their resources.
>>
>> However, a lot of Debian users are using Iceweasel/Firefox and
>> subsequent to my recent blog posts and experiences people had with my
>> test links (http://www.sip5060.net/test-calls) several people emailed me
>> privately expressing frustration that we appear to be favoring Chrome -
>> the DTLS-SRTP problem puts Firefox WebRTC completely out of reach for
>> them with the Asterisk package as it is.
>>
>> I've already included a basic patch for this in JSCommunicator (see the
>> v1.0.10 diff) and providing the corresponding SHA-256 patch in the
>> Asterisk package would give people the ability to evaluate end-to-end
>> solutions using either major browser.
> Besides further testing (which is what including the patch in Debian)
> here's what can be done:
>
> * In the bug report Mathew Joran asks for a patch vs. trunk.

This probably has to be submitted by somebody who has signed the Digium
contributor agreement.  Do you know if the authors of the patch are able
to submit it like that?  I didn't make any further changes to it myself,
I just put it under the debian/patches directory and it worked immediately.

>
> * Generally patches from the bug tracker don't just get into Asterisk. A
>   review in the review board is needed first. I'll try to post one if I
>   can understand this patch well enough.
>
> (That said, don't wait for me to do that)

Does that depend on having the patch against trunk?  I can review the
patch as it is.

Regardless of the Digium process, have you had any more thoughts about
including it in Debian?  I actually had intermittent crashes in 11.7
before and they have gone away since I started using 11.7 with this
patch.  Having it work for Firefox/Iceweasel (from both mobile and
desktop) is obviously a very positive outcome.  It should be fine to
just merge my little branch into master and upload as 1:11.7.0~dfsg-2