tls: configuration override with multiple server roles on same socket #1574
Comments
The issue seems to be the client implementation not providing server name indication. The way it works is finding first a server profile by matching the ip and port (which is not actually used at that moment) and registering a callback for SNI, which is executed and searches for a profile matching the server_name. However, there is no SNI from the client based on the last log message next:
So, SSL_get_servername() didn't return a server name from the SSL context, meaning that the client didn't provide any. Can you try with s_client from openssl, something like:
and watch the logs to see what is printed there?
Hello Daniel-Constantin, You are right. It does not look like any of my test phones is capable of setting TLS extension servername. I wonder if there are any at all. I did a series of tests with Thank you for guidance!
OK. No SIP client with SNI comes to mind now, maybe you can ask on the sr-users mailing list. I am closing this one.
Hello,
I'm using Kamailio v. 5.1.0-21 on a CentOS 6 machine, installed from the repository. It is running behind NAT. I'm using Htek and Zoiper phones for testing. Below is the content of my tls.cfg configuration file:
My first phone is configured with a certificate for first.my-domain.com and the second with one for second.my-domain.com.
When I try to connect with the first phone, it fails. I get the following output in the Kamailio log file:
However, the second phone connects with no problems:
After swapping the [server:172.16.30.205:5061] sections in tls.cfg, the first phone can connect:
... but the second phone cannot:
The 10th line in each output above shows that the last server role configured for a particular socket is used to establish the connection, ignoring the previous ones. Please let me know if my configuration is correct or if it needs to be adjusted.
Thank you very much!