[sr-dev] [kamailio/kamailio] TLS: same TLSc is used for different outbound connection when it is switched with tls_set_connect_server_id() (#2760)

Tim Chubb notifications at github.com
Thu Jun 10 17:19:49 CEST 2021


@miconda it was a very naïve modification, so it just created a new connection and never reused, which was a horrible solution.

Re-reading through `tcp_main.c` I had a spark of inspiration when I noticed that `tcpconn_rm` checked if `c->extra_data` had a value other than 0 to determine if `tls_tcpconn_clean` needed calling.

I have currently hacked an extra property to indicate SNI force connection into the `tls_extra_data` struct, which gets set by calling `ksr_tls_set_connect_server_id`. An additional check is added to `_tcpconn_find` which checks if the connection is TLS or WSS and that the SNI force new connection `extra_data` property is 1. Now only requests which have a call to `tls_set_connect_server_id` force a new connection; otherwise connections are reused (in my limited testing so far). I haven't investigated if the flags property might be more appropriate. One thing that occurs to me with this solution is that, other than the changes to the `tls_extra_data` struct, the behaviour could be explicitly triggered with an additional argument on `tls_set_connect_server_id(str serverId, bool forceNew)` and thus wouldn't affect any existing behaviours?

I shall dig out the PR guidelines and get one raised ASAP. I suspect my fix is a bit too hairy a solution to make it, but I'm happy to contribute to the discussion.

-- 
https://github.com/kamailio/kamailio/issues/2760#issuecomment-858713772
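
A simplified model of the reuse problem named in the issue title, as an added example that is neither Kamailio code nor the poster's patch: a pool lookup keyed on address alone hands back a connection negotiated under a different TLS client profile, while a lookup that also compares the profile id does not. It shows profile matching rather than the force-new flag described above; all struct, field and function names are hypothetical and the pool entry is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a pooled outbound connection. */
struct conn {
    const char *ip;
    int port;
    int is_tls;
    const char *server_id; /* TLS client profile used at handshake; NULL = default */
};

/* Two ids match if both are NULL (default profile) or both name the same profile. */
static int same_id(const char *a, const char *b)
{
    return (a && b) ? strcmp(a, b) == 0 : a == b;
}

/* Address-only lookup: any connection to ip:port is reused, whatever its profile. */
const struct conn *find_by_addr(const struct conn *pool, size_t n, const char *ip, int port)
{
    for (size_t i = 0; i < n; i++)
        if (pool[i].port == port && strcmp(pool[i].ip, ip) == 0)
            return &pool[i];
    return NULL;
}

/* Profile-aware lookup: NULL means the caller must open a new connection. */
const struct conn *find_by_addr_and_id(const struct conn *pool, size_t n,
                                       const char *ip, int port, const char *server_id)
{
    for (size_t i = 0; i < n; i++) {
        if (pool[i].port != port || strcmp(pool[i].ip, ip) != 0)
            continue;
        if (pool[i].is_tls && !same_id(pool[i].server_id, server_id))
            continue; /* negotiated with another certificate/SNI: do not reuse */
        return &pool[i];
    }
    return NULL;
}

/* Constructed sample pool: one TLS connection made with profile "tenant-a". */
static const struct conn sample_pool[] = { { "192.0.2.10", 5061, 1, "tenant-a" } };

int main(void)
{
    const struct conn *c = find_by_addr_and_id(sample_pool, 1, "192.0.2.10", 5061, "tenant-b");
    printf("tenant-b: %s\n", c ? "reuse existing connection" : "open new connection");
    return 0;
}
```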