<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello,</p>
<p>you add two $xavp(tls=>...) with the operations you do, change
to:</p>
<p>$xavp(tls=>server_name)="btip.176.com";<br>
$xavp(tls[0]=>server_id)="btip.176.com";</p>
    <p>so the server_id is added to the existing $xavp(tls->...)
      instead of creating a new one that doesn't have server_name.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 20.12.19 07:39, mahesh b wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACYt9Vic2KV7nPJ9nhz-jTZS-EuK-ZjmG7nOHz0m9_zjAEiUcA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Hi ,</div>
        <div>I further went through the logs of kamailio, and I see
          the below happening.</div>
<div><br>
</div>
<div>tls [tls_server.c:169]: tls_get_connect_server_name[]:
xavp with outbound server name not found<br>
</div>
<div>tls [tls_server.c:152]: tls_get_connect_server_id[]: found
xavp with outbound server id: <a href="http://btip.176.com"
moz-do-not-send="true">btip.176.com</a><br>
</div>
<div><br>
</div>
        <div>It's strange it's able to find the client profile based on
          server_id, but not able to find using the server_name</div>
<div><br>
</div>
<div>In tls_complete_init( )</div>
<div><br>
</div>
<div>if (c->flags & F_CONN_PASSIVE) {<br>
state=S_TLS_ACCEPTING;<br>
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,<br>
&c->rcv.dst_ip, c->rcv.dst_port, 0, 0);<br>
} else {<br>
state=S_TLS_CONNECTING;<br>
sname = tls_get_connect_server_name();<br>
srvid = tls_get_connect_server_id();<br>
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,<br>
&c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);<br>
}<br>
</div>
<div><br>
</div>
<div>Am acting as client, so it will hit the else part</div>
<div><br>
</div>
<div>the call to
sname = tls_get_connect_server_name(); //failed with below
logs </div>
<div> tls [tls_server.c:169]: tls_get_connect_server_name[]:
xavp with outbound server name not found </div>
<div><br>
</div>
<div>the call to
srvid = tls_get_connect_server_id(); // success with below
logs<br>
</div>
<div>
<div>tls [tls_server.c:152]: tls_get_connect_server_id[]:
found xavp with outbound server id: <a
href="http://btip.176.com" moz-do-not-send="true">btip.176.com</a><br>
</div>
</div>
<div><br>
</div>
        And further down in the function: as sname is NULL, it is not
        setting the server name extension in client hello message.
<div><br>
</div>
<div>#ifndef OPENSSL_NO_TLSEXT<br>
if (sname!=NULL) {<br>
if(!SSL_set_tlsext_host_name(data->ssl, sname->s)) {<br>
if (data->ssl)<br>
SSL_free(data->ssl);<br>
if (data->rwbio)<br>
BIO_free(data->rwbio);<br>
goto error;<br>
}<br>
LM_DBG("outbound TLS server name set to: %s\n", sname->s);<br>
}<br>
#endif</div>
<div><br>
</div>
        <div>Am I missing anything here w.r.t configuration? Or is it a
          bug which has been fixed in later versions? Please help!!</div>
<div><br>
</div>
<div>Regards,</div>
<div>Mahesh.B<br>
<div><br>
</div>
<div><br>
<div class="gmail_quote">
              <div dir="ltr" class="gmail_attr">On Thu, Dec 19, 2019 at
                5:53 PM mahesh b &lt;<a
                  href="mailto:mahesh.b.2487@gmail.com"
                  moz-do-not-send="true">mahesh.b.2487@gmail.com</a>&gt;
                wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
                  <p>Hi,</p>
                  <p>Am using Kamailio 5.1.9 version</p>
                  <p>My Setup : client1 -> kamailio server 1 ( IP :
                    10.211.160.172) ----> kamailio server 2( IP :
                    10.211.160.176) -> client2</p>
                  <p>I have a scenario where
                    kamailio server 1 has to initiate an outgoing tls
                    connection to kamailio server 2, I have set the
                    server_name and server_id in the client profile in
                    tls.cfg like below on kamailio server 1</p>
                  <p>[client:default]<br>
                    verify_certificate = no<br>
                    require_certificate = no<br>
                    server_name = <a href="http://mahesh.client.com"
                      target="_blank" moz-do-not-send="true">mahesh.client.com</a></p>
                  <p>[client:<a
                      href="http://10.211.160.172:5061" target="_blank"
                      moz-do-not-send="true">10.211.160.172:5061</a>]<br>
                    method = TLSv1+<br>
                    verify_certificate = yes<br>
                    require_certificate = yes<br>
                    private_key =
                    /root/mahesh_openssl/profile2/btip_172_server_private.key<br>
                    certificate =
                    /root/mahesh_openssl/profile2/btip_172_server_public.crt<br>
                    ca_list =
                    /root/mahesh_openssl/profile2/btip_ca_public.crt<br>
                    cipher_list = RSA<br>
                    verify_depth = 9<br>
                    server_name = <a href="http://btip.176.com"
                      target="_blank" moz-do-not-send="true">btip.176.com</a><br>
                    server_id = <a href="http://btip.176.com"
                      target="_blank" moz-do-not-send="true">btip.176.com</a></p>
                  <p>And in sar.cfg</p>
                  <p>$xavp(tls=>server_name)="<a
                      href="http://btip.176.com" target="_blank"
                      moz-do-not-send="true">btip.176.com</a>";<br>
                    $xavp(tls=>server_id)="<a
                      href="http://btip.176.com" target="_blank"
                      moz-do-not-send="true">btip.176.com</a>";<br>
                    $du = <a class="moz-txt-link-rfc2396E" href="sip:10.211.160.176:5061;transport=tls">"sip:10.211.160.176:5061;transport=tls"</a>;<br>
                    ....<br>
                    t_relay();</p>
                  <p>What I
                    observe is that, when client hello is sent by
                    10.211.160.172 to 10.211.160.176, I don't see
                    Extension server_name being sent. Am I missing
                    anything? Please help!</p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio World Conference - April 27-29, 2020, in Berlin -- <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>
</body>
</html>