pjsip - PJSIP_ESESSIONINSECURE - Error

Question

I am trying to set up FIPS capable openssl and test it with pjsip. I have everything built. I run the following :

pjsua-x86_64-unknown-linux-gnu --local-port=5060 --srtp-secure=1 --use-srtp=2 --null-audio

and

pjsua-x86_64-unknown-linux-gnu --local-port=5061 --srtp-secure=1 --use-srtp=2 --null-audio

When I go to call the one node, I get :

Error initializing media channel: Require secure session/transport (PJSIP_ESESSIONINSECURE) [status=171142]

I tracked down where in the code this is happening. In file :

./pjsip/src/pjsua-lib/pjsua_media.c

if (acc->cfg.use_srtp != PJMEDIA_SRTP_DISABLED) {
        if (security_level < acc->cfg.srtp_secure_signaling) {
            err_code = PJSIP_SC_NOT_ACCEPTABLE;
            status = PJSIP_ESESSIONINSECURE;
            goto on_return;
        }
    }

Does anyone know why I am failing this check?

Answer 1

Make sure you add the following flags in the pjsip config_site.h:

#define PJMEDIA_HAS_SRTP 1
#define PJSIP_HAS_TLS_TRANSPORT 1

Also, make sure you create an endpoint with TLS transport type. You also need to make sure your sip address has the 'sips' prefix and ;transport=tls. This is evaluated in the pjsua_call.c / get_secure_level function, which determines the security_level and consequently makes the condition you mentioned above fail.

Answer 2

add the argument

--use-tls 

to the program invocation