[sr-dev] [kamailio/kamailio] Kamailio not using SNI in incoming requests (#1938)

maheshb2487 notifications at github.com
Fri Dec 20 07:42:06 CET 2019


Hi Henningw,
     I went further through the Kamailio logs, and I see the below happening.

tls [tls_server.c:169]:  tls_get_connect_server_name[]: xavp with outbound server name not found
tls [tls_server.c:152]:  tls_get_connect_server_id[]: found xavp with outbound server id: btip.176.com

It's strange that it is able to find the client profile based on server_id, but not able to find it using the server_name.

In tls_complete_init():

    if (c->flags & F_CONN_PASSIVE) {
        state=S_TLS_ACCEPTING;
        dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
                &c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
    } else {
        state=S_TLS_CONNECTING;
        sname = tls_get_connect_server_name();
        srvid = tls_get_connect_server_id();
        dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
                &c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);
    }

I am acting as the client, so it will hit the else part.

The call to sname = tls_get_connect_server_name(); failed with the below logs:
tls [tls_server.c:169]:  tls_get_connect_server_name[]: xavp with outbound server name not found

The call to srvid = tls_get_connect_server_id(); succeeded with the below logs:
tls [tls_server.c:152]:  tls_get_connect_server_id[]: found xavp with outbound server id: btip.176.com

And further down in the function, as sname is NULL, it is not setting the server name extension in the client hello message.

    #ifndef OPENSSL_NO_TLSEXT
        if (sname!=NULL) {
            if(!SSL_set_tlsext_host_name(data->ssl, sname->s)) {
                if (data->ssl)
                    SSL_free(data->ssl);
                if (data->rwbio)
                    BIO_free(data->rwbio);
                goto error;
            }
            LM_DBG("outbound TLS server name set to: %s\n", sname->s);
        }
    #endif

Am I missing anything here w.r.t. configuration? Or is it a bug which has been fixed in later versions? Please help!

Regards,
Mahesh.B
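
Added example (not part of the original message and not Kamailio code): a check for whether a captured ClientHello record carries the server_name extension, which is the observable effect of the `sname != NULL` branch quoted above. The function names are hypothetical, and the sample ClientHello records are constructed locally with Python's `ssl` module over memory BIOs, so no peer is contacted.

```python
import ssl
import struct

def client_hello_sni(record):
    """Return the SNI host name in a TLS ClientHello record, or None if absent."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) < hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                          # client_version + random
    pos += 1 + body[pos]                                  # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
    pos += 1 + body[pos]                                  # compression_methods
    if pos + 2 > len(body):
        return None                                       # no extensions block
    end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 0 and ext_len >= 5:                # server_name extension
            # layout: list_len(2) name_type(1) name_len(2) host_name
            name_len = int.from_bytes(body[pos + 3:pos + 5], "big")
            if body[pos + 2] == 0:                        # name_type host_name
                return body[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def build_client_hello(server_name):
    """Constructed sample: produce ClientHello bytes in memory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only so that server_name=None is accepted here; nothing is sent anywhere.
    ctx.check_hostname = False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                      # expected: ClientHello written, no reply yet
    return outgoing.read()

if __name__ == "__main__":
    # Server name taken from the log lines in the message; None mirrors sname == NULL.
    for name in ("btip.176.com", None):
        print(name, "->", client_hello_sni(build_client_hello(name)))
```

The same parser can be pointed at the first TLS record of a packet capture taken on the outbound connection to confirm whether the extension is actually on the wire.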
