<div dir="ltr"><div><div>This is excellent news. The support for service side connections is good enough for me. I will test and let you know if i face any problems.<br><br></div>Thank you very much for your help and cooperation.<br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 17, 2015 at 12:38 AM, Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
the SNI (server name indication) support was available in kamailio
v1.5 and then lost when the code was integrated with ser. It was on
my to-do to re-add it but no time for it in the past. I just pushed
a partial patch that allows to set a server_name for each TLS server
domain (context) configured in the tls.cfg, like:<br>
<br>
[server:<a href="http://127.0.0.1:5061" target="_blank">127.0.0.1:5061</a>]<br>
method = TLSv1<br>
...<br>
server_name = localhost.loc<br>
<br>
<br>
[server:<a href="http://127.0.0.1:5061" target="_blank">127.0.0.1:5061</a>]<br>
method = TLSv1<br>
...<br>
server_name = localhost1.loc<br>
<br>
So far I had the time to add only for server side -- when Kamailio
is accepting a TLS connection, should be able to select the context
with server_name matching the one advertised by the client.<br>
<br>
Soon I will add the option to set the server name for connections
that are opened by kamailio towards other tls nodes.<br>
<br>
Because it is impossible to know if the client will present a SNI,
kamailio first selects the context based only on ip:port matching
and once the SNI callback is executed, will switch to the
appropriate one. Given that there can be more contexts for same
ip:port, the last one matching in tls.cfg is selected first time. If
no server name is matching after SNI callback, the the 'default'
server context is selected.<br>
<br>
I did just basic testing so far with SIP registration, therefore
proper testing would be required on your side and feedback will be
very appreciated.<br>
<br>
Cheers,<br>
Daniel<div><div class="h5"><br>
<br>
<br>
<div>On 12/02/15 15:15, Muhammad Shahzad
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>
<div>
<div>
<div>Hi,<br>
<br>
</div>
I want to deploy a kamailio v4.2.x setup with multiple
domains, all resolve to same IPv4 address kamailio is
listening on. I am bit confused about how to configure TLS
certificates using tls config file as mentioned here,<br>
<br>
<a href="http://kamailio.org/docs/modules/4.2.x/modules/tls.html#tls.p.config" target="_blank">http://kamailio.org/docs/modules/4.2.x/modules/tls.html#tls.p.config</a><br>
<br>
</div>
The documentation states that,<br>
<br>
--<br>
If set the TLS module will load a special config file or
config files from config directory, in which different TLS
parameters can be specified on a per role (server or client)
and domain basis (<span style="color:rgb(255,0,0)"><b>for
now only IPs</b></span>). The corresponding module
parameters will be ignored. <br>
--<br>
<br>
</div>
since all domains resolve single IP, so i assume i can specify
only one section in tls config file with pair of key/pem file
path. How can i specify more server certificates for same ip
but with different domains?<br>
<br>
</div>
Thank you.<br>
<div><br>
<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Daniel-Constantin Mierla
<a href="http://twitter.com/#!/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a>
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - <a href="http://www.kamailioworld.com" target="_blank">http://www.kamailioworld.com</a></pre>
</font></span></div>
</blockquote></div><br></div>