The issue seems to be the client implementation not providing server name indication.
The way it works is finding first a server profile by matching the ip and port (which is
not actually used at that moment) and registering a callback for SNI, which is executed
and searches for a profile matching the server_name. However, there is no SNI from the
client based on the last log message next:
```
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_server.c:199]:
tls_complete_init(): completing tls connection initialization
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_server.c:228]:
tls_complete_init(): Using initial TLS domain TLSs<172.16.30.205:5061> (dom
0x7fc8bcce7fd8 ctx 0x7fc8bcf945b0 sn [
first.my-domain.com])
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_domain.c:724]:
sr_ssl_ctx_info_callback(): SSL handshake started
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_domain.c:927]:
tls_server_name_cb(): SSL_get_servername returned NULL: return SSL_TLSEXT_ERR_NOACK
```
So, SSL_get_servername() didn't returned a server name from the SSL context, meaning
that the client didn't provide any.
Can you try with s_client from openssl, something like:
```
openssl s_client -servername
myservername.com -tlsextdebug -connect mykamailio.ip:5061
```
and watch the logs to see what is printed there?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1574#issuecomment-400056680