20 Dec
2019
20 Dec
'19
5:21 p.m.
Hello,
you add two $xavp(tls=>...) with the operations you do, change to:
$xavp(tls=>server_name)="btip.176.com";
$xavp(tls[0]=>server_id)="btip.176.com";
so the server_id is added to the existing $xavp(tls->...) instead of
creating a new one that doesn have server_name.
Cheers,
Daniel
On 20.12.19 07:39, mahesh b wrote:
Hi ,
I further went thru the logs of kamailio, and i see the below
happening.
tls [tls_server.c:169]: tls_get_connect_server_name[]: xavp with
outbound server name not found
tls [tls_server.c:152]: tls_get_connect_server_id[]: found xavp with
outbound server id: btip.176.com <http://btip.176.com>
Its strange its able to find the client profile based on server_id
, but not able to find using the server_name
In tls_complete_init( )
if (c->flags & F_CONN_PASSIVE) {
state=S_TLS_ACCEPTING;
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
&c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
} else {
state=S_TLS_CONNECTING;
sname = tls_get_connect_server_name();
srvid = tls_get_connect_server_id();
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);
}
Am acting as client, so it will hit the else part
the call to sname = tls_get_connect_server_name(); //failed with
below logs
tls [tls_server.c:169]: tls_get_connect_server_name[]: xavp with
outbound server name not found
the call to srvid = tls_get_connect_server_id(); // success with
below logs
tls [tls_server.c:152]: tls_get_connect_server_id[]: found xavp with
outbound server id: btip.176.com <http://btip.176.com>
And futher down in the function : as sname is NULL, it is not setting
the server name extension in client hello message.
#ifndef OPENSSL_NO_TLSEXT
if (sname!=NULL) {
if(!SSL_set_tlsext_host_name(data->ssl, sname->s)) {
if (data->ssl)
SSL_free(data->ssl);
if (data->rwbio)
BIO_free(data->rwbio);
goto error;
}
LM_DBG("outbound TLS server name set to: %s\n", sname->s);
}
#endif
Am i missing anything here w.r.t configuration ? or is it a bug ?
which has been fixed in later versions ? Please help !!
Regards,
Mahesh.B
On Thu, Dec 19, 2019 at 5:53 PM mahesh b <mahesh.b.2487(a)gmail.com
<mailto:mahesh.b.2487@gmail.com>> wrote:
Hi,
Am using Kamailio 5.1.9 version
My Setup : client1 -> kamailio server 1 ( IP : 10.211.160.172)
----> kamailio server 2( IP : 10.211.160.176) -> client2
I have a scenario where kamailio server 1 has to initiate an
outgoing tls connection to kamailio server 2, i have set the
server_name and server_id in the client profile in tls.cfg like
below on kamailio server 1
[client:default]
verify_certificate = no
require_certificate = no
server_name = mahesh.client.com <http://mahesh.client.com>
[client:10.211.160.172:5061 <http://10.211.160.172:5061>]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key =
/root/mahesh_openssl/profile2/btip_172_server_private.key
certificate = /root/mahesh_openssl/profile2/btip_172_server_public.crt
ca_list = /root/mahesh_openssl/profile2/btip_ca_public.crt
cipher_list = RSA
verify_depth = 9
server_name = btip.176.com <http://btip.176.com>
server_id = btip.176.com <http://btip.176.com>
And in sar.cfg
$xavp(tls=>server_name)="btip.176.com <http://btip.176.com>";
$xavp(tls=>server_id)="btip.176.com <http://btip.176.com>";
$du = "sip:10.211.160.176:5061;transport=tls";
....
t_relay();
What i observe is that , when client hello is sent by
10.211.160.172 to 10.211.160.176, i dont see Extension server_name
being sent. Am i missing anything. Please help !
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com