[SR-Users] TLS Profiles : server_name and server_id query
Daniel-Constantin Mierla
miconda at gmail.com
Tue Jan 21 14:30:35 CET 2020
Hello,
looks like a bug in that matching conditions. I guess I used with same
value for server id and server name, so the issue was not exposed. I
will fix it soon.
Cheers,
Daniel
On 21.01.20 13:54, mahesh b wrote:
> Hi All,
>
> Am using kamailio 5.1.9 version
>
> From http://www.kamailio.org/docs/modules/5.1.x/modules/tls.html , i
> understand " The value for server_id can be any string, being used to
> match TLS client config profile, overriding the match on ip:port and
> server_name. "
>
> Which suggests that the server_name and server_id can be different for
> a tls profile
>
> IN my tls.cfg i have [client:default] verify_certificate = no
> require_certificate = no [client:10.211.160.172:5071
> <http://10.211.160.172:5071>] method = TLSv1.2 verify_certificate =
> yes require_certificate = yes private_key =
> /ssl/sip/profile1/server.key certificate =
> /ssl/sip/profile1/server.crt ca_list = /ssl/sip/profile1/ca.crt
> cipher_list = RSA verify_depth = 9 server_id = profile1 server_name =
> btip.176.com <http://btip.176.com> And in sar.cfg i am doing, before
> sending the request out $xavp(tls=>server_name)="btip.176.com
> <http://btip.176.com>"; $xavp(tls[0]=>server_id)="profile1"; But if i
> see the logs , its picking client default profile for tls handshake,
> Am i missing anything in tls.cfg or sar.cfg ?
> if i see the code in tls_lookup_cfg()
> while (p) {
> if(srvid && srvid->len>0) {
> LM_DBG("comparing addr: [%s:%d] [%s:%d] -- id: [%.*s] [%.*s]\n",
> ip_addr2a(&p->ip), p->port, ip_addr2a(ip), port,
> p->server_id.len, ZSW(p->server_id.s),
> srvid->len, ZSW(srvid->s));
> if(p->server_id.s && p->server_id.len==srvid->len
> && strncasecmp(p->server_name.s, srvid->s, srvid->len)==0) {
> LM_DBG("TLS config found by server id\n");
> return p;
> } .... Why is that there is a strncasecmp between p->server_name.s
> and srvid->s ?? the strncasecmp should be between p->server_id.s and
> srvid->s right ?
>
> Regards, Mahesh.B
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - March 9-11, 2020, Berlin - www.asipto.com
Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200121/066f216d/attachment.html>
More information about the sr-users
mailing list