[sr-dev] [kamailio/kamailio] TLS: same TLSc is used for different outbound connection when it is switched with tls_set_connect_server_id() (#2760)

Tim Chubb notifications at github.com
Thu Jun 10 17:19:49 CEST 2021

@miconda it was a very naïve modification, so it just created a new connection and never reused, which was a horrible solution.

Re-reading through tcp_main.c I had a spark of inspiration when I noticed that `tcpconn_rm` checked if `c->extra_data` had a value other than 0 to determine if `tls_tcpconn_clean` needed calling.

I have currently hacked an extra property to indicate SNI force connection into the `tls_extra_data` struct, which gets set by calling `ksr_tls_set_connect_server_id`. An additional check is added to `_tcpconn_find` which checks if the connection is TLS or WSS and that the SNI force new connection `extra_data` property is 1. Now only requests which have a call to `tls_set_connect_server_id` force a new connection, otherwise connections are reused (in my limited testing so far). I haven't investigated if the flags property might be more appropriate. One thing that occurs to me with this solution is that, other than the changes to the `tls_extra_data` struct, the behaviour could be explicitly triggered with an additional argument on `tls_set_connect_server_id(str serverId, bool forceNew)` and thus wouldn't affect any existing behaviours?

I shall dig out the PR guidelines and get one raised ASAP. I suspect my fix is a bit too hairy a solution to make it, but I'm happy to contribute to the discussion.

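The lookup behaviour described in the message above, as an added example that is not part of the original post and is not Kamailio code: a simplified connection table in which TLS connections opened with an explicit server id are flagged and skipped by the reuse lookup. Every struct, field and function name here (including `sni_force_new`) is hypothetical.

```c
/* Simplified model, NOT Kamailio source; all names here are hypothetical. */
#include <stddef.h>
#include <string.h>
#define MAX_CONNS 8

struct conn {
    int used;
    int is_tls;          /* stands in for the TLS/WSS type check */
    int sni_force_new;   /* hypothetical flag in per-connection TLS data */
    char dst[32];        /* "ip:port" */
    char server_id[32];  /* client profile used for the handshake */
};

static struct conn table[MAX_CONNS];

/* Reuse lookup: skip TLS connections opened with an explicit server id. */
static struct conn *conn_find(const char *dst)
{
    for (size_t i = 0; i < MAX_CONNS; i++) {
        struct conn *c = &table[i];
        if (!c->used || strcmp(c->dst, dst) != 0)
            continue;
        if (c->is_tls && c->sni_force_new)
            continue;    /* never handed out for reuse */
        return c;
    }
    return NULL;
}

/* Open a TLS connection in the first free slot; NULL if the table is full. */
static struct conn *conn_open(const char *dst, const char *server_id)
{
    for (size_t i = 0; i < MAX_CONNS; i++) {
        struct conn *c = &table[i];
        if (c->used) continue;
        memset(c, 0, sizeof(*c));
        c->used = c->is_tls = 1;
        c->sni_force_new = (server_id != NULL);
        strncpy(c->dst, dst, sizeof(c->dst) - 1);
        if (server_id)
            strncpy(c->server_id, server_id, sizeof(c->server_id) - 1);
        return c;
    }
    return NULL;
}

/* Pick the connection for one outbound request. */
struct conn *conn_for_request(const char *dst, const char *server_id)
{
    struct conn *c = server_id ? NULL : conn_find(dst);
    return c ? c : conn_open(dst, server_id);
}
```

In this model a flagged connection is never reused, even by a later request that names the same server id, so each such request costs a new handshake and a table slot until the connection is closed.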