This is excellent news. The support for service side connections is good
enough for me. I will test and let you know if I face any problems.
Thank you very much for your help and cooperation.
On Tue, Feb 17, 2015 at 12:38 AM, Daniel-Constantin Mierla <
miconda(a)gmail.com> wrote:
Hello,
the SNI (server name indication) support was available in kamailio v1.5
and then lost when the code was integrated with ser. It was on my to-do to
re-add it but no time for it in the past. I just pushed a partial patch
that allows setting a server_name for each TLS server domain (context)
configured in the tls.cfg, like:
[server:127.0.0.1:5061]
method = TLSv1
...
server_name = localhost.loc
[server:127.0.0.1:5061]
method = TLSv1
...
server_name = localhost1.loc
So far I had the time to add it only for the server side -- when Kamailio is
accepting a TLS connection, it should be able to select the context with
server_name matching the one advertised by the client.
Soon I will add the option to set the server name for connections that are
opened by kamailio towards other tls nodes.
Because it is impossible to know if the client will present a SNI,
Kamailio first selects the context based only on ip:port matching and once
the SNI callback is executed, it will switch to the appropriate one. Given
that there can be more contexts for the same ip:port, the last one matching in
tls.cfg is selected the first time. If no server name is matching after the SNI
callback, the 'default' server context is selected.
I did just basic testing so far with SIP registration, therefore proper
testing would be required on your side and feedback will be very
appreciated.
Cheers,
Daniel
On 12/02/15 15:15, Muhammad Shahzad wrote:
Hi,
I want to deploy a kamailio v4.2.x setup with multiple domains, all
resolve to the same IPv4 address kamailio is listening on. I am a bit confused
about how to configure TLS certificates using tls config file as mentioned
here,
http://kamailio.org/docs/modules/4.2.x/modules/tls.html#tls.p.config
The documentation states that,
--
If set the TLS module will load a special config file or config files from
config directory, in which different TLS parameters can be specified on a
per role (server or client) and domain basis (*for now only IPs*). The
corresponding module parameters will be ignored.
--
Since all domains resolve to a single IP, I assume I can specify only one
section in the tls config file with a pair of key/pem file paths. How can I
specify more server certificates for the same IP but with different domains?
Thank you.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany -
http://www.kamailioworld.com
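
Added example (not part of the thread and not Kamailio code): a Python model of the server-side context selection order described in the message above, useful for checking which certificate a given tls.cfg would present for a given SNI. The sample tls.cfg, the placeholder certificate paths, the function names, the exact case-insensitive server_name comparison and the no-SNI behaviour are assumptions.

```python
import re

# Added example, not Kamailio source. Constructed tls.cfg; paths are placeholders.
SAMPLE_CFG = """
[server:default]
certificate = /placeholder/default.pem

[server:127.0.0.1:5061]
method = TLSv1
certificate = /placeholder/a.pem
server_name = localhost.loc

[server:127.0.0.1:5061]
method = TLSv1
certificate = /placeholder/b.pem
server_name = localhost1.loc
"""

def parse_tls_cfg(text):
    """Server contexts in file order; repeated headers stay separate entries."""
    contexts, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[(\w+):(.+)\]", line)
        if m:
            current = {"addr": m.group(2)}
            if m.group(1) == "server":  # client sections are parsed but not kept
                contexts.append(current)
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    return contexts

def default_context(contexts):
    return next(c for c in contexts if c["addr"] == "default")

def initial_context(contexts, addr):
    """Before SNI is known: the last ip:port match in the file."""
    matches = [c for c in contexts if c["addr"] == addr]
    return matches[-1] if matches else default_context(contexts)

def context_after_sni(contexts, addr, sni):
    """After the SNI callback: the context whose server_name matches
    (assumed exact, case-insensitive), else the 'default' context."""
    if sni is None:  # assumption: no SNI means no switch
        return initial_context(contexts, addr)
    for c in contexts:
        if c["addr"] == addr and c.get("server_name", "").lower() == sni.lower():
            return c
    return default_context(contexts)
```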