From 841929c06fe51acafdb3fc03365a8b2d6a4d7664 Mon Sep 17 00:00:00 2001
From: Harry <harry@harrybird.nz>
Date: Thu, 16 Apr 2026 15:57:23 +1000
Subject: [PATCH] Add dtls_auto_generate_cert and dtls_setup for DTLS
 media_encryption endpoints

When a PJSIP endpoint is configured with media_encryption=dtls (required
for WebRTC), Asterisk needs dtls_auto_generate_cert=yes and
dtls_setup=actpass to successfully negotiate DTLS-SRTP. Without these
lines, WebRTC calls fail with 'Couldn't negotiate stream' errors.

This patch automatically appends the required DTLS parameters whenever
media_encryption is set to 'dtls', ensuring WebRTC extensions work out
of the box without manual custom_post.conf entries.
---
 functions.inc/drivers/PJSip.class.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/functions.inc/drivers/PJSip.class.php b/functions.inc/drivers/PJSip.class.php
index a341274a..154def4f 100644
--- a/functions.inc/drivers/PJSip.class.php
+++ b/functions.inc/drivers/PJSip.class.php
@@ -1325,6 +1325,10 @@ private function generateEndpoint($config, &$retarr, $enableRecordingFeature=fal
 
 		if (!empty($config['media_encryption'])) {
 			$endpoint[] = "media_encryption=".$config['media_encryption'];
+			if ($config['media_encryption'] === 'dtls') {
+				$endpoint[] = "dtls_auto_generate_cert=yes";
+				$endpoint[] = "dtls_setup=actpass";
+			}
 		}
 
 		if (!empty($config['timers'])) {