[jitsi-dev] Videobridge DTLS fingerprint validation


#1

Hi all,

I noticed something in a JVB log file that has me concerned:

2015-06-28 16:43:34.267 WARNING: [12159] org.jitsi.impl.neomedia.transform.dtls.DtlsControlImpl.warn() Failed to verify and/or validate a certificate offered over the media path against fingerprints declared over the signaling path! No fingerprints declared over the signaling path!

The root cause of the lack of fingerprints may be that we're not driving the REST interface correctly; I haven't looked into that yet. What worries me is that the media is working despite this warning message. JVB has apparently been unable to verify the fingerprint, but continues regardless. Surely this is not a good idea.

Looking at the code in DtlsControlImpl, it appears a similar result would arise if the fingerprint was signalled but did not match: verifyAndValidateCertificate() prints a warning and returns false, but the return value is never used. According to a comment in that file, not tearing down the connection appears to be deliberate. Am I missing something?

Regards,
Gavin

Gavin Llewellyn
Lead Software Engineer


#2

We've been meaning to work on that for a long time. Thank you for
bringing back our attention to it! I've created an issue from your
e-mail at https://github.com/jitsi/jitsi-videobridge/issues/78. Please
track its progress there.
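
The check discussed in the first message, as an added Java example that is not Jitsi Videobridge code: it computes the fingerprint of the certificate offered on the media path, compares it with the fingerprints declared over signaling, and rejects the handshake both on a mismatch and when no fingerprint was declared. The class and method names, the `SecurityException` abort and the byte strings standing in for DER-encoded certificates are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import java.util.Map;

public class FingerprintCheck {
    // SDP-style fingerprint: digest of the DER-encoded certificate, upper-case hex, colon-separated.
    static String fingerprint(String hashFunction, byte[] certDer) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(hashFunction.toUpperCase(Locale.ROOT));
        StringBuilder sb = new StringBuilder();
        for (byte b : md.digest(certDer)) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // True only when a fingerprint was declared over signaling AND one of them matches.
    static boolean verify(byte[] certDer, Map<String, String> signaled) {
        if (signaled == null || signaled.isEmpty()) return false; // nothing declared: fail closed
        for (Map.Entry<String, String> e : signaled.entrySet()) {
            try {
                byte[] actual = fingerprint(e.getKey(), certDer).getBytes(StandardCharsets.US_ASCII);
                byte[] declared = e.getValue().toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
                if (MessageDigest.isEqual(actual, declared)) return true;
            } catch (NoSuchAlgorithmException ex) {
                // Unsupported hash function: this entry cannot vouch for the certificate.
            }
        }
        return false;
    }

    // Hypothetical handshake hook: the result of verify() is enforced, not just logged.
    static void onPeerCertificate(byte[] certDer, Map<String, String> signaled) {
        if (!verify(certDer, signaled))
            throw new SecurityException("peer certificate matches no signaled fingerprint");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: any byte strings work, since the fingerprint is a hash over the bytes.
        byte[] cert = "constructed stand-in for DER certificate bytes".getBytes(StandardCharsets.US_ASCII);
        byte[] other = "constructed stand-in for a different certificate".getBytes(StandardCharsets.US_ASCII);
        Map<String, String> signaled = Map.of("sha-256", fingerprint("sha-256", cert));
        onPeerCertificate(cert, signaled); // matching certificate: returns normally
        System.out.println("mismatch accepted: " + verify(other, signaled));
        System.out.println("no fingerprints accepted: " + verify(cert, Map.of()));
        try { onPeerCertificate(cert, Map.of()); }
        catch (SecurityException ex) { System.out.println("handshake aborted: " + ex.getMessage()); }
    }
}
```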