[SR-Users] Strange TLS problem
Daniel-Constantin Mierla
miconda at gmail.com
Wed Oct 14 15:16:49 CEST 2015
Hello,
I don't have the time to look at the code right now, but I remember that
I still have to tune some matching there, because the local port
allocated is random by the OS. One of the solutions was to set the
server name in tls.cfg and then set it via xavp_cfg (see tls parameters)
before relaying. Another one is to set the port to 0 in tls config, so
the port is no longer matched.
My plan was to enable matching the ip:port based on a value stored in
xavp_cfg, but got distracted by other tasks and forgot about it.
Cheers,
Daniel
On 14/10/15 12:40, Pete Kelly wrote:
> Hi
>
> I am trying to use the [client] directives in tls.cfg for the first
> time. For my configuration I need to connect to 2 servers, both via
> TLS and both using different certs.
>
> I have defined an entry in tls.cfg like
>
> [client:1.2.3.4:5061 <http://1.2.3.4:5061>]
> [client:5.6.7.8:5071 <http://5.6.7.8:5071>]
>
> and I also have an entry in dispatcher tables for each server using
> the URI format
>
> sip:1.2.3.4:5061;transport=tls
>
> With this configuration, I expect dispatcher to send OPTIONS to each
> server, and Kamailio to resolve the host in dispatcher to the correct
> client section of tls.cfg and negotiate a connection.
>
> However this is not happening. Dispatcher module is trying to send
> OPTIONS as expected, and it is using TLS as expected but it is not
> using the correct [client] section from tls.cfg. Instead it is always
> falling back to [client:default], and if that is not present it then
> tries to look for some internal Kamailio defaults.
>
> Has anyone come across this issue before? Debug logs don't yield
> anything useful, however my suspicion is that Kamailio may be trying
> to match "sip:1.2.3.4:5061;transport=tls" from dispatcher module to
> "1.2.3.4:5061 <http://1.2.3.4:5061>" from tls.cfg.
>
> Any help or advice would be appreciated
>
> Regards
> Pete
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151014/f805d0e1/attachment.html>
More information about the sr-users
mailing list