Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / webrtc / 81f6f4fc56d4bb4c3f43c30a5fed401d39fddcb4
commit81f6f4fc56d4bb4c3f43c30a5fed401d39fddcb4[log] [tgz]
authordeadbeef <deadbeef@webrtc.org>Mon Sep 19 17:20:52 2016 -0700
committerCommit bot <commit-bot@chromium.org>Tue Sep 20 00:21:00 2016 +0000
treecf02f8728b1d181220d81cbfaa3410b6b72b5cf5
parentc67e0f5753e9055e5fe76ae5eba76fe9efb3d769 [diff]
Revert of Allow the DTLS fingerprint verification to occur after the handshake. (patchset #11 id:200001 of https://codereview.webrtc.org/2163683003/ )

Reason for revert:
Broke a downstream user of SSLStreamAdapter. Need to add the new interface (returning error code instead of bool) in a backwards compatible way.

Original issue's description:
> Allow the DTLS fingerprint verification to occur after the handshake.
>
> This means the DTLS handshake can make progress while the SDP answer
> containing the fingerprint is still in transit. If the signaling path
> if significantly slower than the media path, this can have a moderate
> impact on call setup time.
>
> Of course, until the fingerprint is verified no media can be sent. Any
> attempted write will result in SR_BLOCK.
>
> This essentially fulfills the requirements of RFC 4572, Section 6.2:
>
>    Note that when the offer/answer model is being used, it is possible
>    for a media connection to outrace the answer back to the offerer.
>    Thus, if the offerer has offered a 'setup:passive' or 'setup:actpass'
>    role, it MUST (as specified in RFC 4145 [2]) begin listening for an
>    incoming connection as soon as it sends its offer.  However, it MUST
>    NOT assume that the data transmitted over the TLS connection is valid
>    until it has received a matching fingerprint in an SDP answer.  If
>    the fingerprint, once it arrives, does not match the client's
>    certificate, the server endpoint MUST terminate the media connection
>    with a bad_certificate error, as stated in the previous paragraph.
>
> BUG=webrtc:6387
> R=mattdr@webrtc.org, pthatcher@webrtc.org
>
> Committed: https://crrev.com/042041bf9585f92e962387c59ca805f1218338f9
> Cr-Commit-Position: refs/heads/master@{#14296}

TBR=pthatcher@webrtc.org,mattdr@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:6387

Review-Url: https://codereview.webrtc.org/2352863003
Cr-Commit-Position: refs/heads/master@{#14298}
8 files changed
tree: cf02f8728b1d181220d81cbfaa3410b6b72b5cf5
  1. build_overrides/
  2. chromium/
  3. data/
  4. infra/
  5. resources/
  6. third_party/
  7. tools/
  8. webrtc/
  9. .clang-format
  10. .gitignore
  11. .gn
  12. all.gyp
  13. AUTHORS
  14. BUILD.gn
  15. check_root_dir.py
  16. codereview.settings
  17. DEPS
  18. LICENSE
  19. license_template.txt
  20. LICENSE_THIRD_PARTY
  21. OWNERS
  22. PATENTS
  23. PRESUBMIT.py
  24. pylintrc
  25. README.md
  26. setup_links.py
  27. sync_chromium.py
  28. WATCHLISTS
README.md

WebRTC is a free, open software project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs. The WebRTC components have been optimized to best serve this purpose.

Our mission: To enable rich, high-quality RTC applications to be developed for the browser, mobile platforms, and IoT devices, and allow them all to communicate via a common set of protocols.

The WebRTC initiative is a project supported by Google, Mozilla and Opera, amongst others. This page is maintained by the Google Chrome team.

Development

See http://www.webrtc.org/native-code/development for instructions on how to get started developing with the native code.

More info