[Kamailio-Devel] [ openser-Patches-2007478 ] TLS server_name extension

Klaus Darilion klaus.mailinglists at pernau.at
Mon Aug 11 17:03:36 CEST 2008


Hi Henning!

I cannot reproduce the warnings. Are you using a special make command?

regards
klaus

SourceForge.net wrote:
> Patches item #2007478, was opened at 2008-07-01 07:55
> Message generated for change (Comment added) made by nobody
> You can respond by visiting: 
> https://sourceforge.net/tracker/?func=detail&atid=743022&aid=2007478&group_id=139143
> 
> Please note that this message will contain a full copy of the comment thread,
> including the initial issue submission, for this request,
> not just the latest update.
> Category: core
> Group: None
> Status: Open
> Resolution: None
> Priority: 5
> Private: No
> Submitted By: Klaus Darilion (klaus_darilion)
> Assigned to: Nobody/Anonymous (nobody)
> Summary: TLS server_name extension
> 
> Initial Comment:
> Hi!
> 
> The attached patch adds the TLS server_name extension to Openser (something for 1.5). In short:
> 
> outgoing TLS requests: configure the tls_server_name_avp and set it in the script to the requested domain.
> 
> incoming TLS requests: configure like before multiple TLS client domains. But this time, use the same IP:port but specify the domain by using the new "tls_server_name" directive. Then, if the incoming TLS request has a server_name and a matching client domain is found, the SSL_CTX context for the incoming SSL connection will be switched.
> 
> Documentation and tlsops module was extended too.
> 
> It would be great if someone could review the patch. For configuration of the server_name AVP I still use the old syntax, e.g.:
>   tls_server_name_avp=400
> Using the new syntax, e.g. tls_server_name_avp=avp{i:400}, would be better, but unfortunately I did not understand how to do this. Maybe someone with more PV experience could change this.
> 
> regards
> klaus
> 
> ----------------------------------------------------------------------
> 
> Comment By: Nobody/Anonymous (nobody)
> Date: 2008-08-11 10:08
> 
> Message:
> Logged In: NO 
> 
> Hi Henning!
> 
> I will review your port to trunk and the warnings
> 
> thanks
> klaus
> 
> ----------------------------------------------------------------------
> 
> Comment By: Henning Westerholt (henningw)
> Date: 2008-08-11 09:48
> 
> Message:
> Logged In: YES 
> user_id=337916
> Originator: NO
> 
> Hi Klaus,
> 
> I ported the patch to the current trunk, there were some conflicts after
> the rename and doxygen extensions. I spotted a few warnings in tlsops:
> tls_select.c: In function tlsops_tlsext:
> tls_select.c:613: warning: unused variable ssl
> tls_select.c:612: warning: unused variable c
> tls_select.c:611: warning: unused variable buf
> 
> I also removed the tls/README from the patch, because of some conflicts I
> could not get rid of (something from the svn $DATE format). Perhaps you can
> regenerate this on your machine? Otherwise I did not manage to review your
> code that much yet.
> 
> Henning
> File Added: kamailio-trunk-TLS-servername.patch
> 
> ----------------------------------------------------------------------
> 
> Comment By: Klaus Darilion (klaus_darilion)
> Date: 2008-07-02 08:32
> 
> Message:
> Logged In: YES 
> user_id=1318360
> Originator: YES
> 
> Update: pjsip-trunk now also supports SNI. I tested pjsip against openser
> and it worked fine. (pjsip also uses openssl)
> 
> ----------------------------------------------------------------------
> 
> Comment By: Nobody/Anonymous (nobody)
> Date: 2008-07-01 08:01
> 
> Message:
> Logged In: NO 
> 
> Some more comments: To use this feature, Openser needs an openSSL library
> with TLS extensions enabled. Recent openSSL version 0.9.8h supports TLS
> extensions, but they are not enabled by default. You have to configure
> openSSL with "./configure --enable-tlsext" and build it yourself.
> 
> PS: If you are using Debian, just use openssl package >= 0.9.8g-10.1.
> 
> ----------------------------------------------------------------------
> 

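The incoming-side selection described in the initial comment (several TLS domains on one IP:port, told apart by "tls_server_name"), modelled as an added C example that is not code from the patch or from OpenSER/Kamailio. The struct, function names and sample addresses are hypothetical, and falling back to a nameless default entry when no name matches is an assumption the thread does not spell out.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one TLS domain entry (not the patch's own struct). */
struct tls_domain {
    const char *ip; unsigned short port;  /* listening socket */
    const char *server_name;  /* tls_server_name value; NULL = default entry */
    void *ctx;                /* would hold this domain's SSL_CTX pointer */
};
/* Constructed sample: three domains share one IP:port and differ by name. */
const struct tls_domain sample_domains[] = {
    { "192.0.2.10", 5061, NULL,              NULL },
    { "192.0.2.10", 5061, "sip.example.com", NULL },
    { "192.0.2.10", 5061, "pbx.example.net", NULL },
    { "192.0.2.20", 5061, "sip.example.com", NULL },
};

static int host_eq(const char *a, const char *b)  /* case-insensitive, whole name */
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;  /* equal only if both strings ended together */
}

/* A name match on the accepting socket wins; with no SNI or no match, the
 * socket's nameless entry is returned (assumed policy), else NULL. */
const struct tls_domain *select_domain(const struct tls_domain *d, size_t n,
        const char *ip, unsigned short port, const char *sni)
{
    const struct tls_domain *def = NULL;
    for (size_t i = 0; i < n; i++) {
        if (d[i].port != port || strcmp(d[i].ip, ip) != 0)
            continue;                     /* entry belongs to another socket */
        if (d[i].server_name == NULL)
            def = def ? def : &d[i];      /* first nameless entry is default */
        else if (sni && host_eq(d[i].server_name, sni))
            return &d[i];
    }
    return def;
}

int main(void)
{
    const struct tls_domain *m =
        select_domain(sample_domains, 4, "192.0.2.10", 5061, "SIP.Example.COM");
    printf("selected: %s\n", m && m->server_name ? m->server_name : "(default)");
}
```

In an OpenSSL-based server, the entry returned here is the one whose context a servername callback would pass to SSL_set_SSL_CTX() to switch the connection's SSL_CTX.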