Enhancement: Ability to specify DTLS cert/key (or print it at startup)

[jcuzens]

We would like to be able to capture and analyze the traffic between rtpengine and the WebRTC endpoints that we are connecting. Unfortunately, since the negotiation is in the media plane and we don't have access to the DTLS key since it gets generated at startup we are unable to do any capturing.

Two possible options that would be nice would be:
a) The ability to specify a DTLS cert/key that would be used.
b) Have an option to make rtpengine print the DTLS cert/key at startup.

Thanks,
Jarrod

[rfuchs]

Are you sure that this would actually help? Wouldn't you rather need the SRTP keys which are generated during each DTLS handshake?

[jcuzens]

I may be wrong but it seems like if I have the DTLS cert/key then it should
be possible to decrypt the DTLS handshake and then further since the DTLS
handshake provides the keying material for the SRTP we would be able to get
the SRTP keys and decrypt the the traffic.

On the other hand, yes, if it was possible to log the call id and the SRTP
key used then it would be helpful in allowing us to decrypt all the SRTP
traffic without bothering with the handshake so I suppose this would be a
nice option as well (maybe even the nicest option).

On Tue, Jan 13, 2015 at 12:09 PM, Richard Fuchs notifications@github.com
wrote:

Are you sure that this would actually help? Wouldn't you rather need the
SRTP keys which are generated during each DTLS handshake?

—
Reply to this email directly or view it on GitHub
#61 (comment).

[rfuchs]

Implemented as per 37d98ad

Make sure you run in log level 7 (DEBUG).