The issue seems to be the client implementation not providing server name indication.

The way it works is by first finding a server profile by matching the IP and port (which is not actually used at that moment) and registering a callback for SNI, which is executed and searches for a profile matching the server_name. However, there is no SNI from the client, based on the last log message below:

Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<172.16.30.205:5061> (dom 0x7fc8bcce7fd8 ctx 0x7fc8bcf945b0 sn [first.my-domain.com])
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_domain.c:724]: sr_ssl_ctx_info_callback(): SSL handshake started
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_domain.c:927]: tls_server_name_cb(): SSL_get_servername returned NULL: return SSL_TLSEXT_ERR_NOACK

So, SSL_get_servername() didn't return a server name from the SSL context, meaning that the client didn't provide any.

Can you try with s_client from openssl, something like:

openssl s_client -servername myservername.com -tlsextdebug -connect mykamailio.ip:5061

and watch the logs to see what is printed there?

