<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
the SNI (server name indication) support was available in kamailio
v1.5 and then lost when the code was integrated with ser. It was on
my to-do to re-add it but no time for it in the past. I just pushed
a partial patch that allows setting a server_name for each TLS server
domain (context) configured in the tls.cfg, like:<br>
<br>
[server:127.0.0.1:5061]<br>
method = TLSv1<br>
...<br>
server_name = localhost.loc<br>
<br>
<br>
[server:127.0.0.1:5061]<br>
method = TLSv1<br>
...<br>
server_name = localhost1.loc<br>
<br>
So far I had the time to add it only for the server side -- when Kamailio
is accepting a TLS connection, it should be able to select the context
with the server_name matching the one advertised by the client.<br>
<br>
Soon I will add the option to set the server name for connections
that are opened by kamailio towards other tls nodes.<br>
<br>
Because it is impossible to know if the client will present a SNI,
kamailio first selects the context based only on ip:port matching
and once the SNI callback is executed, will switch to the
appropriate one. Given that there can be more contexts for the same
ip:port, the last one matching in tls.cfg is selected the first time. If
no server name is matching after the SNI callback, the 'default'
server context is selected.<br>
<br>
I did just basic testing so far with SIP registration, therefore
proper testing would be required on your side and feedback will be
very appreciated.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<br>
<div class="moz-cite-prefix">On 12/02/15 15:15, Muhammad Shahzad
wrote:<br>
</div>
<blockquote
cite="mid:CAFZQphzE-3vxX80tvErqWvzr1--DUYDaJLjY64YGw6_9un7fVw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>Hi,<br>
<br>
</div>
I want to deploy a kamailio v4.2.x setup with multiple
domains, which all resolve to the same IPv4 address kamailio is
listening on. I am a bit confused about how to configure TLS
certificates using the tls config file as mentioned here,<br>
<br>
<a moz-do-not-send="true"
href="http://kamailio.org/docs/modules/4.2.x/modules/tls.html#tls.p.config">http://kamailio.org/docs/modules/4.2.x/modules/tls.html#tls.p.config</a><br>
<br>
</div>
The documentation states that,<br>
<br>
--<br>
If set the TLS module will load a special config file or
config files from config directory, in which different TLS
parameters can be specified on a per role (server or client)
and domain basis (<span style="color:rgb(255,0,0)"><b>for
now only IPs</b></span>). The corresponding module
parameters will be ignored. <br>
--<br>
<br>
</div>
Since all domains resolve to a single IP, I assume I can specify
only one section in the tls config file with a pair of key/pem file
paths. How can I specify more server certificates for the same IP
but with different domains?<br>
<br>
</div>
Thank you.<br>
<div><br>
<br>
</div>
</div>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - <a class="moz-txt-link-freetext" href="http://www.kamailioworld.com">http://www.kamailioworld.com</a></pre>
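<br>
The two-step context selection described in the message above, modelled as an added example (not Kamailio's tls module code and not part of the original mail). The struct, the function names and the index-0 default entry are hypothetical; the case-insensitive name comparison and the no-SNI behaviour are assumptions.<br>

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Constructed model of tls.cfg server sections; not Kamailio's own structs. */
struct tls_dom {
    const char *ip;          /* NULL marks the 'default' server context */
    int port;
    const char *server_name; /* NULL when the section sets none */
};
static const struct tls_dom doms[] = {
    { NULL,        0,    NULL },             /* default server context */
    { "127.0.0.1", 5061, "localhost.loc" },  /* first section in the mail */
    { "127.0.0.1", 5061, "localhost1.loc" }, /* second section in the mail */
};
#define NDOMS ((int)(sizeof(doms) / sizeof(doms[0])))
static int addr_match(const struct tls_dom *d, const char *ip, int port)
{
    return d->ip != NULL && d->port == port && strcmp(d->ip, ip) == 0;
}
/* Step 1, at accept time: the last ip:port match in file order wins;
 * index 0 (default) when no section matches. */
int select_by_addr(const char *ip, int port)
{
    int found = 0;
    for (int i = 0; i < NDOMS; i++)
        if (addr_match(&doms[i], ip, port))
            found = i;
    return found;
}

/* Step 2, in the SNI callback: switch to the section on the same ip:port whose
 * server_name equals the SNI (case-insensitive: assumption), else default.
 * Assumption: without SNI the step-1 choice (cur) is kept. */
int select_by_sni(int cur, const char *ip, int port, const char *sni)
{
    if (sni == NULL)
        return cur;
    for (int i = 0; i < NDOMS; i++)
        if (addr_match(&doms[i], ip, port) && doms[i].server_name != NULL
                && strcasecmp(doms[i].server_name, sni) == 0)
            return i;
    return 0;
}
int main(void)
{
    int cur = select_by_addr("127.0.0.1", 5061);
    printf("%d %d\n", cur, select_by_sni(cur, "127.0.0.1", 5061, "other.loc"));
    return 0;
}
```

Under these assumptions, a client that sends no SNI to 127.0.0.1:5061 is served from the localhost1.loc context, because that section is the last ip:port match in the file.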
</body>
</html>