DTLS: Problem with forking #218

Closed
aboba opened this Issue Jun 24, 2015 · 1 comment

aboba commented Jun 24, 2015

In Example 6 in what is now Section 4.9, the sample code signals IceGatherer and DtlsTransport parameters, and then constructs IceTransport and DtlsTransport objects for each answer (see below).

The problem is that this doesn't work, because each newly constructed DtlsTransport has its own certificate and fingerprint, which doesn't match the fingerprint that was signaled in the original offer. As a result, remote peer attempts to verify the local fingerprint will fail.

SAMPLE CODE FAIL

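mySignaller.mySendInitiate({
  "ice": iceGatherer.getLocalParameters(),
  // Fingerprint of the certificate held by the existing `dtls` object
  "dtls": dtls.getLocalParameters(),
  // ... marshall RtpSender/RtpReceiver capabilities as illustrated in Section 6.4 Example 7.
}, function(remote) {
  // Create the ICE and DTLS transports for this answer.
  // push() returns the new array length, so subtract 1 to get the index.
  var i = iceTransport.push(new RTCIceTransport(iceGatherer)) - 1;
  // Each new RTCDtlsTransport has its own certificate, so its fingerprint
  // differs from the one signaled above (the failure this issue reports).
  dtlsTransport.push(new RTCDtlsTransport(iceTransport[i]));
  // Start the ICE transport
  iceTransport[i].start(iceGatherer, remote.ice, RTCIceRole.controlling);
  dtlsTransport[i].start(remote.dtls);
  // ... configure RtpSender/RtpReceiver objects as illustrated in Section 6.4 Example 7.
});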

@aboba aboba added the 1.1 label Jun 24, 2015

aboba commented Jun 24, 2015

Resolution discussed at the ORTC CG meeting was to add a certificate as a mandatory argument in the DtlsTransport constructor.

@aboba aboba added the PR exists label Sep 12, 2015

robin-raymond pushed a commit that referenced this issue Sep 21, 2015

Robin Raymond
Added support for the WebRTC 1.0 certificate management API, as noted in: Issue #195

Added certificate argument to the RTCDtlsTransport constructor, as noted in: Issue #218
Added the "failed" state to RTCDtlsTransportState, as noted in: Issue #219
Changed getNominatedCandidatePair to getSelectedCandidatePair, as noted in: Issue #220
Added support for WebRTC 1.0 RTCIceCredentialType, as noted in: Issue #222
Clarified behavior of createAssociatedGatherer(), as noted in: Issue #223
Changed spelling from "iceservers" to "iceServers" for consistency with WebRTC 1.0, as noted in: Issue #225
Added support for SCTP port numbers, as noted in: Issue #227
Changed "outbound-rtp" to "outboundrtp" within the Statistics API, as noted in: Issue #229
Changed maxPacketLifetime and maxRetransmits from unsigned short to unsigned long, as noted in: Issue #231
Clarified DataChannel negotiation, as noted in: Issue #233
Added getContributingSources() method, as noted in: Issue #236
Fixes to Examples 5 and 6, as noted in: Issue 237 and Issue #239
Fixed cut and paste errors in Example 11, as noted in: Issue #241

@aboba aboba closed this Oct 6, 2015
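
The fingerprint check behind this issue, modeled for Node.js as an added illustration; it is not code from the ORTC specification or from this thread. `ModelDtlsTransport`, `generateCertificate`, `remoteVerifies` and `forkOffer` are hypothetical stand-ins, and random bytes play the role of a certificate. It compares forking with a certificate created per transport against forking with one certificate passed to every transport's constructor.

```javascript
// Added illustration: a hypothetical model, not the ORTC API.
const nodeCrypto = require('crypto');

// Stand-in for a DTLS certificate: random bytes play the role of the
// DER encoding (constructed sample data).
function generateCertificate() {
  return { der: nodeCrypto.randomBytes(64) };
}

// SHA-256 fingerprint as colon-separated upper-case hex octets.
function fingerprint(cert) {
  const hex = nodeCrypto.createHash('sha256').update(cert.der).digest('hex');
  return { algorithm: 'sha-256', value: hex.toUpperCase().match(/../g).join(':') };
}

// Model transport: with no certificate argument it creates its own, which
// is the behaviour the issue describes for the original constructor.
class ModelDtlsTransport {
  constructor(certificate) {
    this.certificate = certificate || generateCertificate();
  }
  getLocalParameters() {
    return { fingerprints: [fingerprint(this.certificate)] };
  }
}

// Remote peer's check: the certificate presented in the handshake must
// hash to one of the fingerprints received over signaling.
function remoteVerifies(signaled, presentedCert) {
  const seen = fingerprint(presentedCert);
  return signaled.fingerprints.some(
    (fp) => fp.algorithm === seen.algorithm && fp.value === seen.value);
}

// Signal one offer, then build one transport per forked answer.
// Returns the remote verification result for each fork.
function forkOffer(answers, shareCertificate) {
  const certificate = generateCertificate();
  const offer = new ModelDtlsTransport(certificate).getLocalParameters();
  const results = [];
  for (let i = 0; i < answers; i++) {
    const forked = new ModelDtlsTransport(shareCertificate ? certificate : undefined);
    results.push(remoteVerifies(offer, forked.certificate));
  }
  return results;
}
```

`forkOffer(3, false)` fails verification on every fork, while `forkOffer(3, true)` passes on every fork because each transport presents the certificate whose fingerprint was signaled.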
