[SR-Users] Support for TLS server_name extension (aka SNI=server name indication)
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Sep 2 17:01:43 CEST 2014
Adding SNI was rather easy. I used the original SNI patch for Apache and
copy-pasted this patch into Kamailio. We could do this again, but this
patch does not have any license details, thus I would recommend to not
do it. Unfortunately I haven't found proper SNI API desription of
libssl. Maybe we can find some software with SNI support and BSD license
and then copy/paste the code.
regards
Klaus
On 02.09.2014 16:49, Daniel-Constantin Mierla wrote:
> Hi Klaus,
>
> thanks for updating on the status.
>
> Do you remember what implied to add support for SNI?
>
> It should be brought back if we lost it. Maybe you can adapt the old
> patch if it not something that complex and you have time to look at it.
> Otherwise, any further details about what you had to do in the past
> would help to add support for it again.
>
> Daniel
>
> On 02/09/14 15:57, Klaus Darilion wrote:
>> Indeed, currently Kamailio does not support SNI (was dropped with ser
>> merge)
>>
>> Klaus
>>
>> On 29.08.2014 16:11, Daniel-Constantin Mierla wrote:
>>> Hello,
>>>
>>> starting with 3.0 we got the implementation from SER at that time (being
>>> more flexible with config and later getting asynchronous support).
>>>
>>> A quick grep in the sources shows things related to server_name, but
>>> apparently is just for accessing them via cfg selects.
>>>
>>> I cc-ed Jan who is author of some commits related to server name and
>>> Klaus who did the patch for old kamailio -- maybe they remember how far
>>> it got with server name implementation and if it got at least the parts
>>> from old kamailio to 3.0.
>>>
>>> Cheers,
>>> Daniel
>>>
>>> On 29/08/14 15:25, Barry Flanagan wrote:
>>>> Hi,
>>>>
>>>> Back in Kamailio 1.5, the release notes state:
>>>>
>>>> "support for TLS server_name extension (aka SNI=server name
>>>> indication)"
>>>>
>>>> However, I cannot find any indication of this in the current TLS docs,
>>>> and trying to set tls_server_name or server_name in tls.cfg fails with
>>>> "unsupported option".
>>>>
>>>> Is this actually supported?
>>>>
>>>> Thanks.
>>>>
>>>> -Barry Flanagan
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>> --
>>> Daniel-Constantin Mierla
>>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>> Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
>>> Sep 22-25, Berlin, Germany ::: Oct 15-17, San Francisco, USA
>>>
>
More information about the sr-users
mailing list