From 1bd49040c45fe414a4e119a55ea7d5f209c6906a Mon Sep 17 00:00:00 2001
From: Joshua Colp <jcolp@digium.com>
Date: Thu, 10 Nov 2016 16:57:49 +0000
Subject: [PATCH] res_pjsip_sdp_rtp: Reject offer of required SRTP without
 res_srtp.

When optimistic SRTP was on it was possible for us to still
set up a call without an audio stream if an offer was received
with required SRTP.

This change makes it so this scenario will now fail with a 488
response.

ASTERISK-26575

Change-Id: I7d14187037681f48879bd20319ac79d0877318f3
---
 res/res_pjsip_sdp_rtp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 3df9df030a..7fd4f9abc0 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -909,9 +909,11 @@ static int negotiate_incoming_sdp_stream(struct ast_sip_session *session, struct
 
 	res = setup_media_encryption(session, session_media, sdp, stream);
 	if (res) {
-		if (!session->endpoint->media.rtp.encryption_optimistic) {
+		if (!session->endpoint->media.rtp.encryption_optimistic ||
+			!pj_strncmp2(&stream->desc.transport, "RTP/SAVP", 8)) {
 			/* If optimistic encryption is disabled and crypto should have been enabled
-			 * but was not this session must fail.
+			 * but was not this session must fail. This must also fail if crypto was
+			 * required in the offer but could not be set up.
 			 */
 			return -1;
 		}
-- 
GitLab