patching Asterisk DTLS-SRTP for firefox/iceweasel

Daniel Pocock daniel at pocock.com.au
Wed Feb 5 17:20:38 UTC 2014



Would anybody object if I upload this fix to experimental?

There is no asterisk package in experimental right now, I will call it

    1:11.7.0~dfsg-1+e1

where "-1+e1" suggests it comes between "-1" and "-2" releases


On 03/02/14 15:58, Daniel Pocock wrote:
> On 25/01/14 22:12, Tzafrir Cohen wrote:
>> On Sat, Jan 25, 2014 at 08:57:02PM +0100, Daniel Pocock wrote:
>>> On 24/01/14 18:28, Jeremy Lainé wrote:
>>>> On 01/24/2014 05:21 PM, Daniel Pocock wrote:
>>>>> I realize it is trivial, but would you consider putting those extra
>>>>> changelog entries on a wheezy-backports branch?  It makes it really
>>>>> obvious for any other user who wants to play with it on wheezy.
>>>>>
>>>> OK, I have just done so and will keep it updated in the future.
>>>>
>>>>> Could you also have a look at the patch from Nitish in Digium issue
>>>>> 22961 and consider having it in Debian?  I put it on a branch (also
>>>>> mentioned on the asterisk-dev list):
>>>>>
>>>>>
>>>>> http://anonscm.debian.org/gitweb/?p=pkg-voip/asterisk.git;a=shortlog;h=refs/heads/dtls-srtp-patch
>>>>>
>>>>> https://issues.asterisk.org/jira/browse/ASTERISK-22961
>>>> From a quick read through the bug report it does not seem that a
>>>> consensus has been reached on the solution, or am I mistaken?
>>> With or without consensus, the high level issue has been fairly constant
>>> for over a year now: Mozilla/Firefox is using SHA-256, a fairly standard
>>> algorithm offered by OpenSSL and the DTLS-SRTP standard and official
>>> Asterisk releases don't accept it.
>>>
>>> If you look back at where the email thread starts in January 2013,
>>> Digium were not keen to expend effort on this for commercial rather than
>>> technical reasons (my impression is they don't want to spend engineering
>>> time on something that may evolve further), see the "once everything
>>> gets settled" comment:
>>>
>>> http://lists.digium.com/pipermail/asterisk-dev/2013-January/058222.html
>>>
>>> This is quite logical from a commercial point of view, time spent
>>> tweaking this every time Firefox or Chrome changes may be a big drain on
>>> their resources.
>>>
>>> However, a lot of Debian users are using Iceweasel/Firefox and
>>> subsequent to my recent blog posts and experiences people had with my
>>> test links (http://www.sip5060.net/test-calls) several people emailed me
>>> privately expressing frustration that we appear to be favoring Chrome -
>>> the DTLS-SRTP problem puts Firefox WebRTC completely out of reach for
>>> them with the Asterisk package as it is.
>>>
>>> I've already included a basic patch for this in JSCommunicator (see the
>>> v1.0.10 diff) and providing the corresponding SHA-256 patch in the
>>> Asterisk package would give people the ability to evaluate end-to-end
>>> solutions using either major browser.
>> Besides further testing (which is what including the patch in Debian)
>> here's what can be done:
>>
>> * In the bug report Matthew Jordan asks for a patch vs. trunk.
> 
> This probably has to be submitted by somebody who has signed the Digium
> contributor agreement.  Do you know if the authors of the patch are able
> to submit it like that?  I didn't make any further changes to it myself,
> I just put it under the debian/patches directory and it worked immediately.
> 
>>
>> * Generally patches from the bug tracker don't just get into Asterisk. A
>>   review in the review board is needed first. I'll try to post one if I
>>   can understand this patch well enough.
>>
>> (That said, don't wait for me to do that)
> 
> Does that depend on having the patch against trunk?  I can review the
> patch as it is.
> 
> Regardless of the Digium process, have you had any more thoughts about
> including it in Debian?  I actually had intermittent crashes in 11.7
> before and they have gone away since I started using 11.7 with this
> patch.  Having it work for Firefox/Iceweasel (from both mobile and
> desktop) is obviously a very positive outcome.  It should be fine to
> just merge my little branch into master and upload as 1:11.7.0~dfsg-2
> 
> 
> 
> _______________________________________________
> Pkg-voip-maintainers mailing list
> Pkg-voip-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-voip-maintainers
> 
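
The check at issue in this thread, as an added example that is not part of the original message and is not Asterisk's or the patch's code: verifying the SDP a=fingerprint attribute (RFC 4572 syntax) against the certificate seen in the DTLS handshake, with the hash function taken from the offer. The certificate bytes, the SDP offer and all function names are constructed for illustration; restricting `accepted` to SHA-1 models the rejection of SHA-256 offers described above.

```python
import hashlib
import hmac

# RFC 4572 hash-function names mapped to hashlib names (md5/md2 left out on purpose).
HASHES = {"sha-1": "sha1", "sha-224": "sha224", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}

def parse_fingerprint(sdp):
    """Return (hash_name, digest_bytes) from the first a=fingerprint line."""
    for line in sdp.splitlines():
        line = line.strip()
        if line.lower().startswith("a=fingerprint:"):
            name, _, value = line[len("a=fingerprint:"):].strip().partition(" ")
            return name.lower(), bytes.fromhex(value.strip().replace(":", ""))
    raise ValueError("SDP carries no a=fingerprint attribute")

def verify(sdp, cert_der, accepted=("sha-1", "sha-256")):
    """Check the offered fingerprint against the handshake certificate.

    Returns (True, hash_name) on success, otherwise (False, reason).
    """
    name, offered = parse_fingerprint(sdp)
    if name not in accepted or name not in HASHES:
        # Fail closed: never fall back to a hash the peer did not offer.
        return False, "unsupported hash function: " + name
    actual = hashlib.new(HASHES[name], cert_der).digest()
    if not hmac.compare_digest(offered, actual):
        return False, "fingerprint mismatch"
    return True, name

def make_offer(cert_der, name):
    """Build a minimal constructed SDP offer carrying a fingerprint of cert_der."""
    digest = hashlib.new(HASHES[name], cert_der).hexdigest().upper()
    pairs = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return ("v=0\r\nm=audio 9 UDP/TLS/RTP/SAVPF 0\r\n"
            "a=setup:actpass\r\na=fingerprint:%s %s\r\n" % (name, pairs))

# Constructed stand-in for the DER certificate presented in the DTLS handshake.
CERT = b"constructed stand-in for the DER certificate from the DTLS handshake"

if __name__ == "__main__":
    offer = make_offer(CERT, "sha-256")          # a SHA-256 offer, as Firefox sends
    print(verify(offer, CERT, accepted=("sha-1",)))  # SHA-1-only endpoint rejects it
    print(verify(offer, CERT))                       # endpoint that also accepts SHA-256
    print(verify(offer, CERT + b"tampered"))         # wrong certificate in the handshake
```
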


