[jitsi-dev] WebRTC from a server side app with libjitsi - success finally

Mondain · 2014-10-07 14:48:03 UTC

I have finally managed to use libjitsi to stream to a browser from a server
app (stream is generated at the server). This required the use of my patch
for sha-256 in the dtls code (see link below). The video isn't perfect yet,
but I can work on that now that I finally get a stream. Below are some odd
log messages I still get even though this process is working:

2014-10-06 21:55:44,382
[org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.connectThread]
WARN o.j.i.n.t.dtls.DtlsControlImpl - Failed to verify and/or validate a
certificate offered over the media path against fingerprints declared over
the signaling path! No fingerprint declared over the signaling path with
hash function: sha-1!
2014-10-06 21:55:44,395
[org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.connectThread]
WARN o.j.i.n.t.dtls.DtlsControlImpl - Failed to verify and/or validate a
certificate offered over the media path against fingerprints declared over
the signaling path! No fingerprint declared over the signaling path with
hash function: sha-1!
2014-10-06 21:57:19,956
[org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.connectThread]
WARN o.j.i.n.t.dtls.DtlsControlImpl - Failed to verify and/or validate a
certificate offered over the media path against fingerprints declared over
the signaling path! No fingerprints declared over the signaling path!
2014-10-06 21:57:19,981
[org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.connectThread]
WARN o.j.i.n.t.dtls.DtlsControlImpl - Failed to verify and/or validate a
certificate offered over the media path against fingerprints declared over
the signaling path! No fingerprints declared over the signaling path!

Any ideas as to why it still tries to force sha-1?

Pull request for sha-256 support: https://github.com/jitsi/libjitsi/pull/20

Regards,
Paul

···

--
http://gregoire.org/
http://code.google.com/p/red5/

Boris_Grozev · 2014-10-09 16:08:20 UTC

Hello,

Sorry for not answering earlier -- unfortunately I don't have much useful things to say.

I have finally managed to use libjitsi to stream to a browser from a
server app (stream is generated at the server).

That's great!

This required the use of
my patch for sha-256 in the dtls code (see link below).

It could be just my ignorance, but I don't understand why this is required. We definitely connect fine with chrome without it and, unless I'm misremembering, we have connected to firefox as well.

The video isn't
perfect yet, but I can work on that now that I finally get a stream.
Below are some odd log messages I still get even though this process is
working:

2014-10-06 21:55:44,382
[org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.connectThread]
WARN o.j.i.n.t.dtls.DtlsControlImpl - Failed to verify and/or validate
a certificate offered over the media path against fingerprints declared
over the signaling path! No fingerprint declared over the signaling path
with hash function: sha-1!

Have you provided the fingerprints obtained through signalling to the DtlsControl instance? You can do this via DtlsControl#setRemoteFingerprints().

2014-10-06 21:55:44,395
[org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.connectThread]
WARN o.j.i.n.t.dtls.DtlsControlImpl - Failed to verify and/or validate
a certificate offered over the media path against fingerprints declared
over the signaling path! No fingerprint declared over the signaling path
with hash function: sha-1!
2014-10-06 21:57:19,956
[org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.connectThread]
WARN o.j.i.n.t.dtls.DtlsControlImpl - Failed to verify and/or validate
a certificate offered over the media path against fingerprints declared
over the signaling path! No fingerprints declared over the signaling path!
2014-10-06 21:57:19,981
[org.jitsi.impl.neomedia.transform.dtls.DtlsPacketTransformer.connectThread]
WARN o.j.i.n.t.dtls.DtlsControlImpl - Failed to verify and/or validate
a certificate offered over the media path against fingerprints declared
over the signaling path! No fingerprints declared over the signaling path!

Any ideas as to why it still tries to force sha-1?

Pull request for sha-256 support: https://github.com/jitsi/libjitsi/pull/20

Before we accept your contributions you need to send a signed copy of the contributor agreement[0].

I am not familiar with the code which you modified, so I cannot comment on your functional changes. However, there are a few cosmetic issues to be fixed before this can be merged:
1. The unrelated changes (e.g. to DominantSpeakerIdentification.java) should be removed.
2. The PNAME_SIGNATURE_ALGORITHM constant should be moved to a DTLS-specific part of the code. I think DtlsControlImpl.java is suitable.
3. The name of the property should be named similarly to the other properties that we use (something like org.jitsi.impl.transform.dtls.SIGNATURE_ALGORITHM)

Regards,
Boris

[0] https://bluejimp.com/bca.pdf

···

On 07/10/14 17:48, Mondain wrote: