This is excellent news. The support for service side connections is good enough for me. I will test and let you know if i face any problems.
Thank you very much for your help and cooperation. On Tue, Feb 17, 2015 at 12:38 AM, Daniel-Constantin Mierla < mico...@gmail.com> wrote: > Hello, > > the SNI (server name indication) support was available in kamailio v1.5 > and then lost when the code was integrated with ser. It was on my to-do to > re-add it but no time for it in the past. I just pushed a partial patch > that allows to set a server_name for each TLS server domain (context) > configured in the tls.cfg, like: > > [server:127.0.0.1:5061] > method = TLSv1 > ... > server_name = localhost.loc > > > [server:127.0.0.1:5061] > method = TLSv1 > ... > server_name = localhost1.loc > > So far I had the time to add only for server side -- when Kamailio is > accepting a TLS connection, should be able to select the context with > server_name matching the one advertised by the client. > > Soon I will add the option to set the server name for connections that are > opened by kamailio towards other tls nodes. > > Because it is impossible to know if the client will present a SNI, > kamailio first selects the context based only on ip:port matching and once > the SNI callback is executed, will switch to the appropriate one. Given > that there can be more contexts for same ip:port, the last one matching in > tls.cfg is selected first time. If no server name is matching after SNI > callback, the the 'default' server context is selected. > > I did just basic testing so far with SIP registration, therefore proper > testing would be required on your side and feedback will be very > appreciated. > > Cheers, > Daniel > > > > On 12/02/15 15:15, Muhammad Shahzad wrote: > > Hi, > > I want to deploy a kamailio v4.2.x setup with multiple domains, all > resolve to same IPv4 address kamailio is listening on. I am bit confused > about how to configure TLS certificates using tls config file as mentioned > here, > > http://kamailio.org/docs/modules/4.2.x/modules/tls.html#tls.p.config > > The documentation states that, > > -- > If set the TLS module will load a special config file or config files from > config directory, in which different TLS parameters can be specified on a > per role (server or client) and domain basis (*for now only IPs*). The > corresponding module parameters will be ignored. > -- > > since all domains resolve single IP, so i assume i can specify only one > section in tls config file with pair of key/pem file path. How can i > specify more server certificates for same ip but with different domains? > > Thank you. > > > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing > listsr-us...@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > > > -- > Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - > http://www.linkedin.com/in/miconda > Kamailio World Conference, May 27-29, 2015 > Berlin, Germany - http://www.kamailioworld.com > >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
