EricssonResearch / bowser

A WebRTC browser for iOS developed in the open
BSD 2-Clause "Simplified" License

Crash on DTLS resumed handshake #76

Open mattschertler opened 8 years ago

mattschertler commented 8 years ago

For DTLS-SRTP our implementation does a normal DTLS handshake on the RTP port. After that we start a resumed handshake on the RTCP port, in order to duplicate the same DTLS session to both ports. This is done to save CPU load on key exchange and certificate validation.

When sending a ClientHello with the SessionID from RTP to the RTCP port the browser crashes immediately.

Regards, matt

Rugvip commented 8 years ago

As long as the same PEM cert is set for both RTP and RTCP, which will always be the case in OWR, the DtlsAgent should be shared between the two, which in turn means that the SSL context will be shared. I'd expect that sharing the SSL context enables whatever session optimizations OpenSSL supports.

In any case we will need some logs to debug this issue, running with dtls:5 should hopefully do the trick.

Also, have you verified that rtcp mux is switched off?

mattschertler commented 8 years ago

Yes, I have the same certificate for both ports. RTCP mux is not used, as we don't support it.

To explain what I'm doing: I start a WebRTC call from Bowser to a VoIP phone (our implementation). When I answer the call on the phone, Bowser crashes. When I configure the phone to do full DTLS handshakes for RTP and RTCP, Bowser doesn't crash.

I'd like to do the debug traces for you, but I don't know how. Can you please explain how I can create a trace with dtls:5? Thank you!

superdump commented 8 years ago

*dtls*:5

superdump commented 8 years ago

Set the GST_DEBUG environment variable to that.

superdump commented 8 years ago

Also, when it crashes, can you get a backtrace? All of this requires building Bowser from source, which is not too difficult if you haven't done it already.