A recent security fix for OpenSSL broke DTLS negotiation for many
applications. This was caused by read ahead not being enabled when it
should be. While a commit has gone into OpenSSL to force read ahead
on for DTLS it may take some time for a release to be made and the
change to be present in distributions (if at all). As enabling read
ahead is a simple one line change this commit does that and fixes
the issue.
ASTERISK-24711 #close
Reported by: Jared Biel
........
Merged revisions 431384 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 431385 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431386
65c4cc65-6c06-0410-ace0-
fbb531ad65f3
return -1;
}
+ SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1);
+
rtp->dtls_verify = dtls_cfg->verify;
SSL_CTX_set_verify(rtp->ssl_ctx, (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_FINGERPRINT) || (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_CERTIFICATE) ?