Hello, you add two $xavp(tls=>...) with the operations you do, change to:
$xavp(tls=>server_name)="btip.176.com"; $xavp(tls[0]=>server_id)="btip.176.com"; so the server_id is added to the existing $xavp(tls->...) instead of creating a new one that doesn have server_name. Cheers, Daniel On 20.12.19 07:39, mahesh b wrote: > Hi , > I further went thru the logs of kamailio, and i see the below > happening. > > tls [tls_server.c:169]: tls_get_connect_server_name[]: xavp with > outbound server name not found > tls [tls_server.c:152]: tls_get_connect_server_id[]: found xavp with > outbound server id: btip.176.com <http://btip.176.com> > > Its strange its able to find the client profile based on server_id > , but not able to find using the server_name > > In tls_complete_init( ) > > if (c->flags & F_CONN_PASSIVE) { > state=S_TLS_ACCEPTING; > dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV, > &c->rcv.dst_ip, c->rcv.dst_port, 0, 0); > } else { > state=S_TLS_CONNECTING; > sname = tls_get_connect_server_name(); > srvid = tls_get_connect_server_id(); > dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI, > &c->rcv.dst_ip, c->rcv.dst_port, sname, srvid); > } > > Am acting as client, so it will hit the else part > > the call to sname = tls_get_connect_server_name(); //failed with > below logs > tls [tls_server.c:169]: tls_get_connect_server_name[]: xavp with > outbound server name not found > > the call to srvid = tls_get_connect_server_id(); // success with > below logs > tls [tls_server.c:152]: tls_get_connect_server_id[]: found xavp with > outbound server id: btip.176.com <http://btip.176.com> > > And futher down in the function : as sname is NULL, it is not setting > the server name extension in client hello message. > > #ifndef OPENSSL_NO_TLSEXT > if (sname!=NULL) { > if(!SSL_set_tlsext_host_name(data->ssl, sname->s)) { > if (data->ssl) > SSL_free(data->ssl); > if (data->rwbio) > BIO_free(data->rwbio); > goto error; > } > LM_DBG("outbound TLS server name set to: %s\n", sname->s); > } > #endif > > Am i missing anything here w.r.t configuration ? or is it a bug ? > which has been fixed in later versions ? Please help !! > > Regards, > Mahesh.B > > > On Thu, Dec 19, 2019 at 5:53 PM mahesh b <[email protected] > <mailto:[email protected]>> wrote: > > Hi, > > Am using Kamailio 5.1.9 version > > > My Setup : client1 -> kamailio server 1 ( IP : 10.211.160.172) > ----> kamailio server 2( IP : 10.211.160.176) -> client2 > > I have a scenario where kamailio server 1 has to initiate an > outgoing tls connection to kamailio server 2, i have set the > server_name and server_id in the client profile in tls.cfg like > below on kamailio server 1 > > [client:default] > verify_certificate = no > require_certificate = no > server_name = mahesh.client.com <http://mahesh.client.com> > > [client:10.211.160.172:5061 <http://10.211.160.172:5061>] > method = TLSv1+ > verify_certificate = yes > require_certificate = yes > private_key = > /root/mahesh_openssl/profile2/btip_172_server_private.key > certificate = /root/mahesh_openssl/profile2/btip_172_server_public.crt > ca_list = /root/mahesh_openssl/profile2/btip_ca_public.crt > cipher_list = RSA > verify_depth = 9 > server_name = btip.176.com <http://btip.176.com> > server_id = btip.176.com <http://btip.176.com> > > And in sar.cfg > > $xavp(tls=>server_name)="btip.176.com <http://btip.176.com>"; > $xavp(tls=>server_id)="btip.176.com <http://btip.176.com>"; > $du = "sip:10.211.160.176:5061;transport=tls"; > .... > t_relay(); > > What i observe is that , when client hello is sent by > 10.211.160.172 to 10.211.160.176, i dont see Extension server_name > being sent. Am i missing anything. Please help ! > > > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
