Skip to content

DTLS: Problem with forking #218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
aboba opened this issue Jun 24, 2015 · 1 comment
Closed

DTLS: Problem with forking #218

aboba opened this issue Jun 24, 2015 · 1 comment
Labels
1.1 PR exists

Comments

@aboba
Copy link
Contributor

aboba commented Jun 24, 2015

In Example 6 in what is now Section 4.9, the sample code signals IceGatherer and DtlsTransport parameters, and then constructs IceTransport and DtlsTransport objects for each answer (see below).

The problem is that this doesn't work, because each newly constructed DtlsTransport has its own certificate and fingerprint, which doesn't match the fingerprint that was signaled in the original offer. As a result, remote peer attempts to verify the local fingerprint will fail.

SAMPLE CODE FAIL

mySignaller.mySendInitiate({
"ice": iceGatherer.getLocalParameters(),
"dtls": dtls.getLocalParameters(),
// ... marshall RtpSender/RtpReceiver capabilities as illustrated in Section 6.4 Example 7.
}, function(remote) {
// Create the ICE and DTLS transports
i = iceTransport.push(new RTCIceTransport(iceGatherer));
dtlsTransport.push(new RTCDtlsTransport(iceTransport[i]));
// Start the ICE transport
iceTransport[i].start(iceGatherer, remote.ice, RTCIceRole.controlling);
dtlsTransport[i].start(remote.dtls);
// ... configure RtpSender/RtpReceiver objects as illustrated in Section 6.4 Example 7.
});
@aboba aboba added the 1.1 label Jun 24, 2015
@aboba
Copy link
Contributor Author

aboba commented Jun 24, 2015

Resolution discussed at the ORTC CG meeting was to add a certificate as a mandatory argument in the DtlsTransport constructor.

robin-raymond pushed a commit that referenced this issue Sep 21, 2015
Added support for the WebRTC 1.0 certificate management API, as noted…
674f156 
… in: Issue #195

Added certificate argument to the RTCDtlsTransport constructor, as noted in: Issue #218
Added the "failed" state to RTCDtlsTransportState, as noted in: Issue #219
Changed getNominatedCandidatePair to getSelectedCandidatePair, as noted in: Issue #220
Added support for WebRTC 1.0 RTCIceCredentialType, as noted in: Issue #222
Clarified behavior of createAssociatedGatherer(), as noted in: Issue #223
Changed spelling from "iceservers" to "iceServers" for consistency with WebRTC 1.0, as noted in: Issue #225
Added support for SCTP port numbers, as noted in: Issue #227
Changed "outbound-rtp" to "outboundrtp" within the Statistics API, as noted in: Issue #229
Changed maxPacketLifetime and maxRetransmits from unsigned short to unsigned long, as noted in: Issue #231
Clarified DataChannel negotiation, as noted in: Issue #233
Added getContributingSources() method, as noted in: Issue #236
Fixes to Examples 5 and 6, as noted in: Issue 237 and Issue #239
Fixed cut and paste errors in Example 11, as noted in: Issue #241
@aboba aboba closed this as completed Oct 6, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.1 PR exists
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aboba