I'm using Kamailio 5.2.2+xenial.

Set up a basic tls.cfg like this:

[server:default]
verify_certificate = no
require_certificate = no
private_key = /tmp/default.key
certificate = /tmp/default.pem

[server:any]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /tmp/domain.key
certificate = /tmp/domain.pem
server_name = sip.domain.com
server_name_mode = 1

Connect with openssl like this: openssl s_client -connect server:5061, and Kamailio will - obviously - offer the default.pem certificate.

However, use openssl s_client -connect server:5061 -servername sip.domain.com, and Kamailio will still offer the default.pem certificate, where I'd expect it to offer domain.pem. I tested these openssl command-line invocations against an nginx server that's working with these same certificates, and SNI is working properly there.

From the Kamailio logs on starting up, it does seem to detect that an SNI callback should be registered with OpenSSL.

Apr 25 11:43:37 kamailio[7447]: NOTICE: tls [tls_domain.c:1083]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='sip.domain.com' ...

However, it's not triggering:

Apr 25 11:39:04 kamailio[7344]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 4.1.3.1
Apr 25 11:39:04 kamailio[7344]: DEBUG: <core> [core/tcp_main.c:999]: tcpconn_new(): on port 55428, type 3
Apr 25 11:39:04 kamailio[7344]: DEBUG: <core> [core/tcp_main.c:1305]: tcpconn_add(): hashes: 3726:2401:2691, 1
Apr 25 11:39:04 kamailio[7344]: DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa86c60, 60, 2, 0x7f00ad8279b0), fd_no=51
Apr 25 11:39:04 kamailio[7344]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0xa86c60, 60, -1, 0x0) fd_no=52 called
Apr 25 11:39:04 kamailio[7344]: DEBUG: <core> [core/tcp_main.c:4196]: handle_tcpconn_ev(): sending to child, events 1
Apr 25 11:39:04 kamailio[7344]: DEBUG: <core> [core/tcp_main.c:3875]: send2child(): selected tcp worker idx:0 proc:44 pid:7342 for activity on [tls:1.6.1.6:5061], 0x7f00ad8279b0
Apr 25 11:39:04 kamailio[7342]: DEBUG: <core> [core/tcp_read.c:1759]: handle_io(): received n=8 con=0x7f00ad8279b0, fd=10
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7f00ad1b02e8 ctx 0x7f00ad406408 sn [])
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_domain.c:1155]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f00ad406408: (nil)
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 25 11:39:04 kamailio[7342]: DEBUG: <core> [core/tcp_main.c:2460]: tcpconn_do_send(): sending...
Apr 25 11:39:04 kamailio[7342]: DEBUG: <core> [core/tcp_main.c:2494]: tcpconn_do_send(): after real write: c= 0x7f00ad8279b0 n=2817 fd=10
Apr 25 11:39:04 kamailio[7342]: DEBUG: <core> [core/tcp_main.c:2495]: tcpconn_do_send(): buf=#012#026#003#001
Apr 25 11:39:04 kamailio[7342]: DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xae0200, 10, 2, 0x7f00ad8279b0), fd_no=1
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_domain.c:1155]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f00ad406408: (nil)
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_domain.c:753]: sr_ssl_ctx_info_callback(): SSL disable renegotiation
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from 4.1.3.1:55428 using TLSv1/SSLv3 AES256-SHA 256
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: 1.6.1.6:5061
Apr 25 11:39:04 kamailio[7342]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate
Apr 25 11:39:04 kamailio[7342]: DEBUG: <core> [core/tcp_main.c:2460]: tcpconn_do_send(): sending...
Apr 25 11:39:04 kamailio[7342]: DEBUG: <core> [core/tcp_main.c:2494]: tcpconn_do_send(): after real write: c= 0x7f00ad8279b0 n=266 fd=10
Apr 25 11:39:04 kamailio[7342]: DEBUG: <core> [core/tcp_main.c:2495]: tcpconn_do_send(): buf=#012#026#003#001
Apr 25 11:39:10 kamailio[7342]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0xae0200, 10, -1, 0x10) fd_no=2 called
Apr 25 11:39:10 kamailio[7342]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7f00ad8279b0, state 1, fd=10, id=1 ([4.1.3.1]:55428 -> [4.1.3.1]:5061)
Apr 25 11:39:10 kamailio[7342]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x7f00ad7c4ab8
Apr 25 11:39:10 kamailio[7344]: DEBUG: <core> [core/tcp_main.c:3307]: handle_tcp_child(): reader response= 7f00ad8279b0, 1 from 0
Apr 25 11:39:10 kamailio[7344]: DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa86c60, 60, 2, 0x7f00ad8279b0), fd_no=51
Apr 25 11:39:10 kamailio[7344]: DEBUG: <core> [core/tcp_main.c:3434]: handle_tcp_child(): CONN_RELEASE  0x7f00ad8279b0 refcnt= 1

Looking at other issues like #1574, I think I'm supposed to see a tls_server_name_cb log line upon connecting, but there is none.
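As an added example (not part of this issue and not Kamailio's own code), the following POSIX shell script makes the two checks described above repeatable: it compares the certificate subject a server presents with and without an SNI name, and it triages a Kamailio debug log for the "Using initial TLS domain" line and for any tls_server_name_cb line. It assumes only the openssl command-line tool; host, port and server name are placeholders supplied by the caller, and the log excerpt in the comments is the one from this report. One caveat worth knowing when reproducing the test on a newer system: openssl s_client in OpenSSL 1.1.1 and later sends the -connect host name as SNI by default, so a "no SNI" baseline has to be requested with -noservername (that option does not exist in the 1.0.2 builds shipped with xenial, where no SNI is sent unless -servername is given).

```shell
#!/bin/sh
# Added example, not from the issue or from Kamailio. Assumes only the
# openssl CLI and a POSIX shell; host/port/server name are placeholders.

# Print the subject line that openssl s_client reported for the certificate
# the server actually presented. Reads captured s_client output on stdin.
# Handles both OpenSSL 1.0 ("subject=/CN=x") and 1.1+/3.x ("subject=CN = x").
presented_subject() {
    sed -n 's/^subject= *//p' | head -n 1
}

# Live check: connect to HOST:PORT without SNI and with SNI=NAME, print the
# subject returned in each case, and fail if they are identical (the server
# ignored the name). Needs OpenSSL >= 1.1.1 for -noservername.
# Usage: compare_sni <host> <port> <sni-name>
compare_sni() {
    host=$1 port=$2 name=$3
    plain=$(openssl s_client -connect "$host:$port" -noservername </dev/null 2>/dev/null | presented_subject)
    sni=$(openssl s_client -connect "$host:$port" -servername "$name" </dev/null 2>/dev/null | presented_subject)
    printf 'without SNI : %s\nSNI=%-9s : %s\n' "$plain" "$name" "$sni"
    if [ "$plain" = "$sni" ]; then
        echo "WARNING: same certificate with and without SNI; the server name was not honoured" >&2
        return 1
    fi
    return 0
}

# Log triage: given Kamailio debug output on stdin, report which TLS domain
# tls_complete_init() picked for the connection and whether the server_name
# callback logged anything. Output: "domain=<name> sni_callback=yes|no".
# Usage: triage_tls_log < kamailio-debug.log
triage_tls_log() {
    awk '
        /tls_complete_init\(\): Using initial TLS domain/ {
            # e.g. "... Using initial TLS domain TLSs<default> (dom 0x... sn [])"
            if (match($0, /TLS domain [^ ]+/))
                dom = substr($0, RSTART + 11, RLENGTH - 11)
        }
        /tls_server_name_cb/ { cb = 1 }
        END { printf "domain=%s sni_callback=%s\n", dom, (cb ? "yes" : "no") }
    '
}
```

For the log in this report, triage_tls_log prints domain=TLSs<default> sni_callback=no, which is the condition the text describes: the connection was completed on the default domain and the callback never logged. A working SNI setup would show a tls_server_name_cb line and a non-default domain in that output.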
