Merge to M57: Only set certificate on DTLS transport if fingerprint is found in SDP.

webrtc/p2p/base/transportcontroller.cc

 /*
  *  Copyright 2015 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 244 matching lines @@
       CreateIceTransportChannel_n(transport_name, component);
   // TODO(deadbeef): To support QUIC, would need to create a
   // QuicTransportChannel here. What is "dtls" in this file would then become
   // "dtls or quic".
   TransportChannelImpl* dtls =
       CreateDtlsTransportChannel_n(transport_name, component, ice);
   dtls->SetMetricsObserver(metrics_observer_);
   dtls->SetIceRole(ice_role_);
   dtls->SetIceTiebreaker(ice_tiebreaker_);
   dtls->SetIceConfig(ice_config_);
-  if (certificate_) {
-    bool set_cert_success = dtls->SetLocalCertificate(certificate_);
-    RTC_DCHECK(set_cert_success);
-  }
 
   // Connect to signals offered by the channels. Currently, the DTLS channel
   // forwards signals from the ICE channel, so we only need to connect to the
   // DTLS channel. In the future this won't be the case.
   dtls->SignalWritableState.connect(
       this, &TransportController::OnChannelWritableState_n);
   dtls->SignalReceivingState.connect(
       this, &TransportController::OnChannelReceivingState_n);
   dtls->SignalGatheringState.connect(
       this, &TransportController::OnChannelGatheringState_n);
@@ skipping 244 matching lines @@
 bool TransportController::SetLocalCertificate_n(
     const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
   RTC_DCHECK(network_thread_->IsCurrent());
 
   // Can't change a certificate, or set a null certificate.
   if (certificate_ || !certificate) {
     return false;
   }
   certificate_ = certificate;
 
-  // Set certificate both for Transport, which verifies it matches the
-  // fingerprint in SDP...
+  // Set certificate for JsepTransport, which verifies it matches the
+  // fingerprint in SDP, and only applies it to the DTLS transport if a
+  // fingerprint attribute is present in SDP. This is used for fallback from
+  // DTLS to SDES.
   for (auto& kv : transports_) {
     kv.second->SetLocalCertificate(certificate_);
   }
-  // ... and for the DTLS channel, which needs it for the DTLS handshake.
-  for (auto& channel : channels_) {
-    bool set_cert_success = channel->dtls()->SetLocalCertificate(certificate);
-    RTC_DCHECK(set_cert_success);
-  }
   return true;
 }
 
 bool TransportController::GetLocalCertificate_n(
     const std::string& transport_name,
     rtc::scoped_refptr<rtc::RTCCertificate>* certificate) const {
   RTC_DCHECK(network_thread_->IsCurrent());
 
   const JsepTransport* t = GetJsepTransport(transport_name);
   if (!t) {
@@ skipping 321 matching lines @@
         RTC_FROM_HERE, this, MSG_ICEGATHERINGSTATE,
         new rtc::TypedMessageData<IceGatheringState>(new_gathering_state));
   }
 }
 
 void TransportController::OnDtlsHandshakeError(rtc::SSLHandshakeError error) {
   SignalDtlsHandshakeError(error);
 }
 
 }  // namespace cricket