<div dir="ltr">Thank you Daniel, that resolved my problem.<div><br></div><div><div>It would be helpful if in this link <a href="http://www.kamailio.org/docs/modules/5.1.x/modules/tls.html" target="_blank">http://www.kamailio.org/docs/modules/5.1.x/modules/tls.html</a> </div><div><br></div><div>In section 9.32. <code>xavp_cfg</code> (string)</div><div><br></div><div>the example can be updated from:<br></div><div>...<br></div><div> modparam("tls", "xavp_cfg", "tls")<br> ...<br> $xavp(tls=>server_name) = "<a href="http://kamailio.org/" target="_blank">kamailio.org</a>";<br> $xavp(tls=>server_id) = "<a href="http://kamailio.org/" target="_blank">kamailio.org</a>";<br> $du = "sip:kamailio.org:5061;transport=tls";<br> route(RELAY);<br>...<br></div><div><br></div><div>to:</div><div>...<br> modparam("tls", "xavp_cfg", "tls")<br> ...<br> $xavp(tls=>server_name) = "<a href="http://kamailio.org/" target="_blank">kamailio.org</a>";<br> $xavp(tls[0]=>server_id) = "<a href="http://kamailio.org/" target="_blank">kamailio.org</a>";<br> $du = "sip:kamailio.org:5061;transport=tls";<br> route(RELAY);<br>...<br></div><br class="gmail-Apple-interchange-newline"><div>Regards,</div><div>Mahesh.B</div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Dec 20, 2019 at 7:51 PM Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello,</p>
<p>You add two $xavp(tls=>...) with the operations you do; change
to:</p>
<p>$xavp(tls=>server_name)="<a href="http://btip.176.com" target="_blank">btip.176.com</a>";<br>
$xavp(tls[0]=>server_id)="<a href="http://btip.176.com" target="_blank">btip.176.com</a>";</p>
<p>so the server_id is added to the existing $xavp(tls->...)
instead of creating a new one that doesn't have server_name.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div>On 20.12.19 07:39, mahesh b wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi,</div>
<div>I went further through the Kamailio logs, and I see
the below happening.</div>
<div><br>
</div>
<div>tls [tls_server.c:169]: tls_get_connect_server_name[]:
xavp with outbound server name not found<br>
</div>
<div>tls [tls_server.c:152]: tls_get_connect_server_id[]: found
xavp with outbound server id: <a href="http://btip.176.com" target="_blank">btip.176.com</a><br>
</div>
<div><br>
</div>
<div>It's strange that it's able to find the client profile based on
server_id, but not able to find it using the server_name.</div>
<div><br>
</div>
<div>In tls_complete_init( )</div>
<div><br>
</div>
<div>if (c->flags & F_CONN_PASSIVE) {<br>
state=S_TLS_ACCEPTING;<br>
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,<br>
&c->rcv.dst_ip, c->rcv.dst_port, 0, 0);<br>
} else {<br>
state=S_TLS_CONNECTING;<br>
sname = tls_get_connect_server_name();<br>
srvid = tls_get_connect_server_id();<br>
dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,<br>
&c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);<br>
}<br>
</div>
<div><br>
</div>
<div>I am acting as client, so it will hit the else part.</div>
<div><br>
</div>
<div>the call to
sname = tls_get_connect_server_name(); //failed with below
logs </div>
<div> tls [tls_server.c:169]: tls_get_connect_server_name[]:
xavp with outbound server name not found </div>
<div><br>
</div>
<div>the call to
srvid = tls_get_connect_server_id(); // success with below
logs<br>
</div>
<div>
<div>tls [tls_server.c:152]: tls_get_connect_server_id[]:
found xavp with outbound server id: <a href="http://btip.176.com" target="_blank">btip.176.com</a><br>
</div>
</div>
<div><br>
</div>
And further down in the function: as sname is NULL, it is not
setting the server name extension in the client hello message.
<div><br>
</div>
<div>#ifndef OPENSSL_NO_TLSEXT<br>
if (sname!=NULL) {<br>
if(!SSL_set_tlsext_host_name(data->ssl, sname->s)) {<br>
if (data->ssl)<br>
SSL_free(data->ssl);<br>
if (data->rwbio)<br>
BIO_free(data->rwbio);<br>
goto error;<br>
}<br>
LM_DBG("outbound TLS server name set to: %s\n", sname->s);<br>
}<br>
#endif</div>
<div><br>
</div>
<div>Am I missing anything here w.r.t. configuration? Or is it a
bug which has been fixed in later versions? Please help!</div>
<div><br>
</div>
<div>Regards,</div>
<div>Mahesh.B<br>
<div><br>
</div>
<div><br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Dec 19, 2019 at
5:53 PM mahesh b <<a href="mailto:mahesh.b.2487@gmail.com" target="_blank">mahesh.b.2487@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<p>Hi,</p>
<p>I am using
Kamailio 5.1.9 version.</p>
<p><br style="box-sizing:border-box">
My Setup : client1 -> kamailio server 1 ( IP :
10.211.160.172) ----> kamailio server 2( IP :
10.211.160.176) -> client2</p>
<p>I have a scenario where
kamailio server 1 has to initiate an outgoing TLS
connection to kamailio server 2. I have set the
server_name and server_id in the client profile in
tls.cfg like below on kamailio server 1:</p>
<p>[client:default]<br style="box-sizing:border-box">
verify_certificate = no<br style="box-sizing:border-box">
require_certificate = no<br style="box-sizing:border-box">
server_name = <a href="http://mahesh.client.com" target="_blank">mahesh.client.com</a></p>
<p>[client:<a href="http://10.211.160.172:5061" target="_blank">10.211.160.172:5061</a>]<br style="box-sizing:border-box">
method = TLSv1+<br style="box-sizing:border-box">
verify_certificate = yes<br style="box-sizing:border-box">
require_certificate = yes<br style="box-sizing:border-box">
private_key =
/root/mahesh_openssl/profile2/btip_172_server_private.key<br style="box-sizing:border-box">
certificate =
/root/mahesh_openssl/profile2/btip_172_server_public.crt<br style="box-sizing:border-box">
ca_list =
/root/mahesh_openssl/profile2/btip_ca_public.crt<br style="box-sizing:border-box">
cipher_list = RSA<br style="box-sizing:border-box">
verify_depth = 9<br style="box-sizing:border-box">
server_name = <a href="http://btip.176.com" target="_blank">btip.176.com</a><br style="box-sizing:border-box">
server_id = <a href="http://btip.176.com" target="_blank">btip.176.com</a></p>
<p>And in sar.cfg</p>
<p>$xavp(tls=>server_name)="<a href="http://btip.176.com" target="_blank">btip.176.com</a>";<br style="box-sizing:border-box">
$xavp(tls=>server_id)="<a href="http://btip.176.com" target="_blank">btip.176.com</a>";<br style="box-sizing:border-box">
$du = <a>"sip:10.211.160.176:5061;transport=tls"</a>;<br style="box-sizing:border-box">
....<br style="box-sizing:border-box">
t_relay();</p>
<p>What I
observe is that, when the client hello is sent by
10.211.160.172 to 10.211.160.176, I don't see the
server_name extension being sent. Am I missing
anything? Please help!</p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<pre cols="72">--
Daniel-Constantin Mierla -- <a href="http://www.asipto.com" target="_blank">www.asipto.com</a>
<a href="http://www.twitter.com/miconda" target="_blank">www.twitter.com/miconda</a> -- <a href="http://www.linkedin.com/in/miconda" target="_blank">www.linkedin.com/in/miconda</a>
Kamailio World Conference - April 27-29, 2020, in Berlin -- <a href="http://www.kamailioworld.com" target="_blank">www.kamailioworld.com</a></pre>
</div>
</blockquote></div>
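<p>The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Kamailio code: a simplified Python model of the xavp list, in which an assignment without an index pushes a new root xavp and the tls module reads only the first root named <code>tls</code>. The names <code>XavpList</code> and <code>outbound_tls_params</code> are hypothetical, and the model assumes only the semantics described in Daniel's reply and visible in the quoted logs.</p>

```python
# Simplified model of the xavp list (illustrative assumption, not Kamailio source).
# A root xavp is (name, {field: value}); index 0 is the most recently added root.

class XavpList:
    def __init__(self):
        self.roots = []

    def assign(self, name, field, value, index=None):
        """Model `$xavp(name=>field) = value` (index=None) and
        `$xavp(name[index]=>field) = value`."""
        if index is None:
            # No index: a NEW root xavp is created and pushed on top.
            self.roots.insert(0, (name, {field: value}))
            return
        same_name = [fields for n, fields in self.roots if n == name]
        if index >= len(same_name):
            # Model choice: treat a missing root as an error.
            raise IndexError(f"no ${name}[{index}] to add {field} to")
        # With an index: the field is added to the EXISTING root.
        same_name[index][field] = value

    def get_child(self, name, field):
        """Model the lookup: first root called `name`, then its field."""
        for n, fields in self.roots:
            if n == name:
                return fields.get(field)  # None models "xavp ... not found"
        return None


def outbound_tls_params(script):
    """Apply the assignments, return (server_name, server_id) as seen at connect time."""
    xavps = XavpList()
    for name, index, field, value in script:
        xavps.assign(name, field, value, index)
    return xavps.get_child("tls", "server_name"), xavps.get_child("tls", "server_id")


# Constructed inputs mirroring the two script variants in the thread.
ORIGINAL = [("tls", None, "server_name", "btip.176.com"),
            ("tls", None, "server_id", "btip.176.com")]
CORRECTED = [("tls", None, "server_name", "btip.176.com"),
             ("tls", 0, "server_id", "btip.176.com")]

if __name__ == "__main__":
    # server_name of None means no SNI is set on the outgoing connection.
    print("original :", outbound_tls_params(ORIGINAL))
    print("corrected:", outbound_tls_params(CORRECTED))
```

<p>In the original variant the top <code>tls</code> xavp holds only server_id, which matches the two log lines quoted above and explains why the <code>sname!=NULL</code> branch that calls <code>SSL_set_tlsext_host_name()</code> is skipped.</p>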