[Devel] Re: TLS and multidomain
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Sep 28 12:47:33 CEST 2005
Adrian Georgescu wrote:
> In a multi-domain environment you would like to use only one ip:port and
> serve multiple domains. Serve means you can do authorization for
> Register messages and you can apply different rules for callers in
> different domains. It is the same as with a web server, where you can serve
> multiple websites with one IP alone.
>
> The problem is that if you use SSL you must first establish the connection,
> and only after the TLS negotiation takes place can you inspect the
> content of the SIP message to extract the domain. This is also valid for
> SSL websites: you must use one ip:port combination per common name. So I
> deduce that a remote server may use only a default cert per ip:port when
> a session comes.
>
> But my SENDING proxy should be able to select the certificate based on
> the calling user when calling out of my proxy, if a certificate for the
> @domain part is available.
If you want to allow incoming TLS you need an IP:port for each domain.
Thus, for outgoing the same IP:port should be used, together with the
corresponding certificate.
klaus