Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-03 Thread Daniel-Constantin Mierla
The prototype of tls_lookup_cfg() can be changed if needed, that's not a problem. The solution with xavp is ok and available now, the one with new match attribute may be an alternative to make the config simpler. Anyhow, I am closing this one, given there is a solution. If anyone considers to

Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-03 Thread Daniel-Constantin Mierla
Closed #842.

Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-03 Thread sergey-vb
It is an interesting but not easy solution, because tls_lookup_cfg accepts only one ip and port... Another solution can be to add the next check condition in the [MANAGE_BRANCH] route:

```
# for TLS destinations, set the tls xavp fields to the R-URI host:port
if ($rP == "TLS") {
    $xavp(tls=>server_name) = $rd + ":" + $rp;
    $xavp(tls=>server_id) = $rd + ":" + $rp;
}
```

Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-02 Thread Daniel-Constantin Mierla
The patch is breaking the expected behaviour so far. I see benefits on matching based on remote address, but existing one has to be preserved as well. One solution would be to add a new attribute in the section to specify the address to match, like:

```
match=local
# or
match=remote
```

This

Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-02 Thread sergey-vb
In my case kamailio acts as a client to a Cisco SIP TLS gateway to make outgoing calls, and private_key is not the remote server's private key; it is the client private key used for client authorization on the remote server. Without this, Cisco closes the TLS connection.

Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-02 Thread Daniel-Constantin Mierla
The client in this case is kamailio, so it's its certificate. Kamailio is not supposed to have access to private key of the remote end point. iptel.org is the portal that was used for SIP Express Router (SER), previous name of kamailio project.

Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-02 Thread sergey-vb
Sorry for the incorrect formatting. I made the comment using the mobile version.

Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-02 Thread sergey-vb
As I understand from https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg

```
# Special settings for the iptel.org public SIP
# server. We do not verify the certificate of the
# server because it can be expired. The server
# implements authentication using SSL client
# certificates
```

Re: [sr-dev] [kamailio/kamailio] fix TLS client config selection based on dst ip and port (#842)

2016-11-02 Thread Daniel-Constantin Mierla
The [client...] section in the tls config is meant to specify the attributes when kamailio opens a connection from that socket (kamailio acts as the client from the point of view of tls connection). It is supposed to be local ip:port, not remoteip:port. I understand that you are looking at