1

I compiled PJSUA2 with OpenSSL enabled and I've been trying to establish a call between two secured peers through SIPS using the following configuration command for each peer:

./pjsua-x86_64-unknown-linux-gnu
--registrar "sips:<SERVER_IP>"
--id "sips:<PEER_ID>@<SERVER_IP>"
--username "<PEER_ID>"
--realm "*"
--password <PASS>
--use-tls
--use-srtp=2
--srtp-secure=2

But every time I make a call, either to a remote peer or to the same computer (connecting another id through a different port, simultaneously), the invitation arrives and I'm able to accept the call, but then it ends instantly after accepting by triggering the following error:

SRTP crypto-suite name not match the offerer tag (PJMEDIA_SRTP_ECRYPTONOTMATCH)

And then raising a 488 (NOT ACCEPTABLE HERE). This only happens on the receiver. The caller doesn't raise any errors, but closes the call with reason 200.

What might be causing this behavior?

jww
  • 97,681
  • 90
  • 411
  • 885
Gabriel Vasconcelos
  • 576
  • 5
  • 15
  • 1
    According to the [`PJMEDIA_SRTP_ECRYPTONOTMATCH` define](http://www.pjsip.org/docs/2.0-rc/pjmedia/docs/html/group__PJMEDIA__ERRNO.htm#ga76008e56702887ce7464c21c0e06eabc) means *"SRTP crypto-suite name does not match the offerer tag"*. Maybe a bug in PJSIP? – jww Jun 12 '17 at 18:03
  • Well It might be. I'm not sure whether this means the crypto-suite name does not match the one offered by the server or by the caller. In the first case, this might be a configuration problem on either sides? Else, it does look like a bug. – Gabriel Vasconcelos Jun 12 '17 at 18:09
  • When you compiled OpenSSL and PJSUA2, did you use an RPATH to ensure the proper library was used (SONAMES sometimes fail). Maybe perform `ldd pjsua-x86_64-unknown-linux-gnu` to see which OpenSSL is being picked up at runtime. If its the wrong one, then maybe you should rebuild with a RPATH. – jww Jun 12 '17 at 18:38
  • `libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0`, which corresponds to Ubuntu default installation 1.0.2g-ubuntu4.6 (wasn't updated to ubuntu4.8 then). If I'm not mistaken, 1.0.2 is the default for PJSIP 2.6. – Gabriel Vasconcelos Jun 12 '17 at 18:52
  • It sounds like PJSUA2 is not using your version of OpenSSL. Maybe you should build PJSUA2 again. This time, add `-Wl,-rpath=/usr/local/ssl/lib` to `CFLAGS` and `CXXFLAGS` (assuming your OpenSSL libraries are located at `/usr/local/ssl/lib`. Be sure to include `-I` for the headers and `-L` for the libraries, too. – jww Jun 12 '17 at 18:57
  • Well, I intended to use system default actually. Why building it myself would make it behave differently? – Gabriel Vasconcelos Jun 12 '17 at 19:00
  • Oh, my bad. I thought you were using an OpenSSL that you built. Sorry about that. – jww Jun 12 '17 at 19:02
  • Can different ports affect somehow? I mean maybe IP address is changing during connecting state by refreshing account/user details and other part fails to find because of public/local IP address changes? –  Jul 27 '17 at 13:19

0 Answers0