26 Oct
2016
26 Oct
'16
9:59 a.m.
Hi Daniel.
After some try to configure kamailio 4.4.3 to act as SPI TLS client
for Cisco SIP TLS gateways I have found one issue.
If I do client configuration for tls
[client:10.1.23.19:5061]
verify_certificate = yes
ca_list = /etc/kamailio/CAs/ca1.pem
[client:10.1.23.29:5061]
verify_certificate = yes
ca_list = /etc/kamailio/CAs/ca2.pem
[client:default]
verify_certificate = no
require_certificate = no
Kamailo always do default profile selection (I do configuration
without server_name or server_id, with it kamailio works fine but
there are some troubles to make selection of this parameters from
config script, I need additional checks and queries)
after some research in tls module source code I have added some debug
information in file tls_server.c:
if (c->flags & F_CONN_PASSIVE) {
state=S_TLS_ACCEPTING;
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
&c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
} else {
state=S_TLS_CONNECTING;
sname = tls_get_connect_server_name();
srvid = tls_get_connect_server_id();
// -------------------------------------------------------------
DBG("Entered client config loockup (c->rcv.dst_port
%d)\n", c->rcv.dst_port);
DBG("Entered client config loockup (&c->rcv.dst_ip
%s)\n", ip_addr2a(&c->rcv.dst_ip));
DBG("Entered client config loockup (c->rcv.src_port
%d)\n", c->rcv.src_port);
DBG("Entered client config loockup (&c->rcv.src_ip
%s)\n", ip_addr2a(&c->rcv.src_ip));
// -------------------------------------------------------------
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.dst_ip,
c->rcv.dst_port, sname, srvid);
}
After making
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:597]: parse_msg(): method: <INVITE>
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:599]: parse_msg(): uri:
<sip:9098@10.1.23.19:5061;transport=TLS>
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:601]: parse_msg(): version: <SIP/2.0>
I see
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection:
10.1.23.19
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[tcp_main.c:985]: tcpconn_new(): on port 5061, type 3
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[tcp_main.c:1295]: tcpconn_add(): hashes: 1394:0:0, 1
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:197]: tls_complete_init(): completing tls connection
initialization
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:160]: tls_get_connect_server_name(): xavp with outbound
server name not found
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:140]: tls_get_connect_server_id(): xavp with outbound
server id not found
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:219]: tls_complete_init(): Entered client config loockup
(c->rcv.dst_port 40123)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:220]: tls_complete_init(): Entered client config loockup
(&c->rcv.dst_ip 10.1.23.23)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:221]: tls_complete_init(): Entered client config loockup
(c->rcv.src_port 5061)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:222]: tls_complete_init(): Entered client config loockup
(&c->rcv.src_ip 10.1.23.19)
Where:
&c->rcv.dst_ip 10.1.23.23 - it is my local kamailio tls socket ip
address to make tls connect from
c->rcv.dst_port 40123 - it is my local kamailio tls socket port
&c->rcv.src_ip 10.1.23.19 - ip of my TLS device to make tls connection to
c->rcv.src_port 5061 - port of my TLS device to make tls connection to
so if I change line
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.dst_ip,
c->rcv.dst_port, sname, srvid);
to
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.src_ip,
c->rcv.src_port, sname, srvid);
I got correct client domain selection
Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:233]: tls_complete_init(): Using initial TLS domain
TLSc<10.1.23.19:5061> (dom 0x7fd2eefa3d68 ctx 0x7fd2ef7e70a8 sn [])
Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake started
Can you look at this code?
Thank you in advance.
--
Best regards,
Sergey Basov e-mail: sergey.v.basov(a)gmail.com
tel: (+38067) 403-62-54
1 Nov
1 Nov
1:09 p.m.
Hello,
can you open a pull request on github with the patch you propose for the
fix?
- https://github.com/kamailio/kamailio
It is easier to review and travis-ci will take care to compile the patch
and be sure it doesn't break latest master version.
Cheers,
Daniel
On 26/10/16 08:59, Sergey Basov wrote:
Hi Daniel.
After some try to configure kamailio 4.4.3 to act as SPI TLS client
for Cisco SIP TLS gateways I have found one issue.
If I do client configuration for tls
[client:10.1.23.19:5061]
verify_certificate = yes
ca_list = /etc/kamailio/CAs/ca1.pem
[client:10.1.23.29:5061]
verify_certificate = yes
ca_list = /etc/kamailio/CAs/ca2.pem
[client:default]
verify_certificate = no
require_certificate = no
Kamailo always do default profile selection (I do configuration
without server_name or server_id, with it kamailio works fine but
there are some troubles to make selection of this parameters from
config script, I need additional checks and queries)
after some research in tls module source code I have added some debug
information in file tls_server.c:
if (c->flags & F_CONN_PASSIVE) {
state=S_TLS_ACCEPTING;
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
&c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
} else {
state=S_TLS_CONNECTING;
sname = tls_get_connect_server_name();
srvid = tls_get_connect_server_id();
// -------------------------------------------------------------
DBG("Entered client config loockup (c->rcv.dst_port
%d)\n", c->rcv.dst_port);
DBG("Entered client config loockup (&c->rcv.dst_ip
%s)\n", ip_addr2a(&c->rcv.dst_ip));
DBG("Entered client config loockup (c->rcv.src_port
%d)\n", c->rcv.src_port);
DBG("Entered client config loockup (&c->rcv.src_ip
%s)\n", ip_addr2a(&c->rcv.src_ip));
// -------------------------------------------------------------
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.dst_ip,
c->rcv.dst_port, sname, srvid);
}
After making
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:597]: parse_msg(): method: <INVITE>
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:599]: parse_msg(): uri:
<sip:9098@10.1.23.19:5061;transport=TLS>
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:601]: parse_msg(): version: <SIP/2.0>
I see
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection:
10.1.23.19
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[tcp_main.c:985]: tcpconn_new(): on port 5061, type 3
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[tcp_main.c:1295]: tcpconn_add(): hashes: 1394:0:0, 1
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:197]: tls_complete_init(): completing tls connection
initialization
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:160]: tls_get_connect_server_name(): xavp with outbound
server name not found
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:140]: tls_get_connect_server_id(): xavp with outbound
server id not found
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:219]: tls_complete_init(): Entered client config loockup
(c->rcv.dst_port 40123)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:220]: tls_complete_init(): Entered client config loockup
(&c->rcv.dst_ip 10.1.23.23)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:221]: tls_complete_init(): Entered client config loockup
(c->rcv.src_port 5061)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:222]: tls_complete_init(): Entered client config loockup
(&c->rcv.src_ip 10.1.23.19)
Where:
&c->rcv.dst_ip 10.1.23.23 - it is my local kamailio tls socket ip
address to make tls connect from
c->rcv.dst_port 40123 - it is my local kamailio tls socket port
&c->rcv.src_ip 10.1.23.19 - ip of my TLS device to make tls connection to
c->rcv.src_port 5061 - port of my TLS device to make tls connection to
so if I change line
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.dst_ip,
c->rcv.dst_port, sname, srvid);
to
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.src_ip,
c->rcv.src_port, sname, srvid);
I got correct client domain selection
Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:233]: tls_complete_init(): Using initial TLS domain
TLSc<10.1.23.19:5061> (dom 0x7fd2eefa3d68 ctx 0x7fd2ef7e70a8 sn [])
Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake started
Can you look at this code?
Thank you in advance.
--
Best regards,
Sergey Basov e-mail: sergey.v.basov(a)gmail.com
tel: (+38067) 403-62-54
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 28-30, 2016 - http://www.asipto.com
2 Nov
2 Nov
9:37 a.m.
Hi Daniel,
I have just create pull request for this change.
https://github.com/kamailio/kamailio/pull/842
--
Best regards,
Sergey Basov e-mail: sergey.v.basov(a)gmail.com
tel: (+38067) 403-62-54
2016-11-01 12:09 GMT+02:00 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:
Hello,
can you open a pull request on github with the patch you propose for the
fix?
- https://github.com/kamailio/kamailio
It is easier to review and travis-ci will take care to compile the patch
and be sure it doesn't break latest master version.
Cheers,
Daniel
On 26/10/16 08:59, Sergey Basov wrote:
Hi Daniel.
After some try to configure kamailio 4.4.3 to act as SPI TLS client
for Cisco SIP TLS gateways I have found one issue.
If I do client configuration for tls
[client:10.1.23.19:5061]
verify_certificate = yes
ca_list = /etc/kamailio/CAs/ca1.pem
[client:10.1.23.29:5061]
verify_certificate = yes
ca_list = /etc/kamailio/CAs/ca2.pem
[client:default]
verify_certificate = no
require_certificate = no
Kamailo always do default profile selection (I do configuration
without server_name or server_id, with it kamailio works fine but
there are some troubles to make selection of this parameters from
config script, I need additional checks and queries)
after some research in tls module source code I have added some debug
information in file tls_server.c:
if (c->flags & F_CONN_PASSIVE) {
state=S_TLS_ACCEPTING;
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
&c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
} else {
state=S_TLS_CONNECTING;
sname = tls_get_connect_server_name();
srvid = tls_get_connect_server_id();
// -------------------------------------------------------------
DBG("Entered client config loockup (c->rcv.dst_port
%d)\n", c->rcv.dst_port);
DBG("Entered client config loockup (&c->rcv.dst_ip
%s)\n", ip_addr2a(&c->rcv.dst_ip));
DBG("Entered client config loockup (c->rcv.src_port
%d)\n", c->rcv.src_port);
DBG("Entered client config loockup (&c->rcv.src_ip
%s)\n", ip_addr2a(&c->rcv.src_ip));
// -------------------------------------------------------------
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.dst_ip,
c->rcv.dst_port, sname, srvid);
}
After making
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:597]: parse_msg(): method: <INVITE>
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:599]: parse_msg(): uri:
<sip:9098@10.1.23.19:5061;transport=TLS>
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[parser/msg_parser.c:601]: parse_msg(): version: <SIP/2.0>
I see
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection:
10.1.23.19
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[tcp_main.c:985]: tcpconn_new(): on port 5061, type 3
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
[tcp_main.c:1295]: tcpconn_add(): hashes: 1394:0:0, 1
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:197]: tls_complete_init(): completing tls connection
initialization
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:160]: tls_get_connect_server_name(): xavp with outbound
server name not found
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:140]: tls_get_connect_server_id(): xavp with outbound
server id not found
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:219]: tls_complete_init(): Entered client config loockup
(c->rcv.dst_port 40123)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:220]: tls_complete_init(): Entered client config loockup
(&c->rcv.dst_ip 10.1.23.23)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:221]: tls_complete_init(): Entered client config loockup
(c->rcv.src_port 5061)
Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:222]: tls_complete_init(): Entered client config loockup
(&c->rcv.src_ip 10.1.23.19)
Where:
&c->rcv.dst_ip 10.1.23.23 - it is my local kamailio tls socket ip
address to make tls connect from
c->rcv.dst_port 40123 - it is my local kamailio tls socket port
&c->rcv.src_ip 10.1.23.19 - ip of my TLS device to make tls connection to
c->rcv.src_port 5061 - port of my TLS device to make tls connection to
so if I change line
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.dst_ip,
c->rcv.dst_port, sname, srvid);
to
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
&c->rcv.src_ip,
c->rcv.src_port, sname, srvid);
I got correct client domain selection
Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_server.c:233]: tls_complete_init(): Using initial TLS domain
TLSc<10.1.23.19:5061> (dom 0x7fd2eefa3d68 ctx 0x7fd2ef7e70a8 sn [])
Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
[tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake started
Can you look at this code?
Thank you in advance.
--
Best regards,
Sergey Basov e-mail: sergey.v.basov(a)gmail.com
tel: (+38067) 403-62-54
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 28-30, 2016 - http://www.asipto.com
12:10 p.m.
Hello,
thanks, I will review it there.
Cheers,
Daniel
On 02/11/16 07:37, Sergey Basov wrote:
Hi Daniel,
I have just create pull request for this change.
https://github.com/kamailio/kamailio/pull/842
--
Best regards,
Sergey Basov e-mail: sergey.v.basov(a)gmail.com
tel: (+38067) 403-62-54
2016-11-01 12:09 GMT+02:00 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:
> Hello,
>
> can you open a pull request on github with the patch you propose for the
> fix?
>
> - https://github.com/kamailio/kamailio
>
> It is easier to review and travis-ci will take care to compile the patch
> and be sure it doesn't break latest master version.
>
> Cheers,
> Daniel
>
>
> On 26/10/16 08:59, Sergey Basov wrote:
>> Hi Daniel.
>>
>> After some try to configure kamailio 4.4.3 to act as SPI TLS client
>> for Cisco SIP TLS gateways I have found one issue.
>>
>> If I do client configuration for tls
>>
>> [client:10.1.23.19:5061]
>> verify_certificate = yes
>> ca_list = /etc/kamailio/CAs/ca1.pem
>>
>> [client:10.1.23.29:5061]
>> verify_certificate = yes
>> ca_list = /etc/kamailio/CAs/ca2.pem
>>
>> [client:default]
>> verify_certificate = no
>> require_certificate = no
>>
>> Kamailo always do default profile selection (I do configuration
>> without server_name or server_id, with it kamailio works fine but
>> there are some troubles to make selection of this parameters from
>> config script, I need additional checks and queries)
>>
>> after some research in tls module source code I have added some debug
>> information in file tls_server.c:
>>
>> if (c->flags & F_CONN_PASSIVE) {
>> state=S_TLS_ACCEPTING;
>> dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
>>
>> &c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
>> } else {
>> state=S_TLS_CONNECTING;
>> sname = tls_get_connect_server_name();
>> srvid = tls_get_connect_server_id();
>> // -------------------------------------------------------------
>> DBG("Entered client config loockup (c->rcv.dst_port
>> %d)\n", c->rcv.dst_port);
>> DBG("Entered client config loockup (&c->rcv.dst_ip
>> %s)\n", ip_addr2a(&c->rcv.dst_ip));
>> DBG("Entered client config loockup (c->rcv.src_port
>> %d)\n", c->rcv.src_port);
>> DBG("Entered client config loockup (&c->rcv.src_ip
>> %s)\n", ip_addr2a(&c->rcv.src_ip));
>> // -------------------------------------------------------------
>> dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
>> &c->rcv.dst_ip,
>> c->rcv.dst_port, sname, srvid);
>>
>> }
>>
>> After making
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
>> [parser/msg_parser.c:597]: parse_msg(): method: <INVITE>
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
>> [parser/msg_parser.c:599]: parse_msg(): uri:
>> <sip:9098@10.1.23.19:5061;transport=TLS>
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
>> [parser/msg_parser.c:601]: parse_msg(): version: <SIP/2.0>
>>
>> I see
>>
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
>> [ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection:
>> 10.1.23.19
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
>> [tcp_main.c:985]: tcpconn_new(): on port 5061, type 3
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core>
>> [tcp_main.c:1295]: tcpconn_add(): hashes: 1394:0:0, 1
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_server.c:197]: tls_complete_init(): completing tls connection
>> initialization
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_server.c:160]: tls_get_connect_server_name(): xavp with outbound
>> server name not found
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_server.c:140]: tls_get_connect_server_id(): xavp with outbound
>> server id not found
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_server.c:219]: tls_complete_init(): Entered client config loockup
>> (c->rcv.dst_port 40123)
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_server.c:220]: tls_complete_init(): Entered client config loockup
>> (&c->rcv.dst_ip 10.1.23.23)
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_server.c:221]: tls_complete_init(): Entered client config loockup
>> (c->rcv.src_port 5061)
>> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_server.c:222]: tls_complete_init(): Entered client config loockup
>> (&c->rcv.src_ip 10.1.23.19)
>>
>> Where:
>> &c->rcv.dst_ip 10.1.23.23 - it is my local kamailio tls socket ip
>> address to make tls connect from
>> c->rcv.dst_port 40123 - it is my local kamailio tls socket port
>> &c->rcv.src_ip 10.1.23.19 - ip of my TLS device to make tls connection to
>> c->rcv.src_port 5061 - port of my TLS device to make tls connection to
>>
>> so if I change line
>> dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
>> &c->rcv.dst_ip,
>> c->rcv.dst_port, sname, srvid);
>> to
>> dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
>> &c->rcv.src_ip,
>> c->rcv.src_port, sname, srvid);
>>
>>
>> I got correct client domain selection
>>
>> Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_server.c:233]: tls_complete_init(): Using initial TLS domain
>> TLSc<10.1.23.19:5061> (dom 0x7fd2eefa3d68 ctx 0x7fd2ef7e70a8 sn [])
>> Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls
>> [tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake started
>>
>> Can you look at this code?
>>
>> Thank you in advance.
>>
>> --
>> Best regards,
>> Sergey Basov e-mail: sergey.v.basov(a)gmail.com
>>
>> tel: (+38067) 403-62-54
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Berlin, Nov 28-30, 2016 - http://www.asipto.com
>
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 28-30, 2016 - http://www.asipto.com
2942
days inactive
2949
days old
3 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
Sergey Basov