Hi Daniel, I have just create pull request for this change.
https://github.com/kamailio/kamailio/pull/842 -- Best regards, Sergey Basov e-mail: sergey.v.ba...@gmail.com tel: (+38067) 403-62-54 2016-11-01 12:09 GMT+02:00 Daniel-Constantin Mierla <mico...@gmail.com>: > Hello, > > can you open a pull request on github with the patch you propose for the > fix? > > - https://github.com/kamailio/kamailio > > It is easier to review and travis-ci will take care to compile the patch > and be sure it doesn't break latest master version. > > Cheers, > Daniel > > > On 26/10/16 08:59, Sergey Basov wrote: >> Hi Daniel. >> >> After some try to configure kamailio 4.4.3 to act as SPI TLS client >> for Cisco SIP TLS gateways I have found one issue. >> >> If I do client configuration for tls >> >> [client:10.1.23.19:5061] >> verify_certificate = yes >> ca_list = /etc/kamailio/CAs/ca1.pem >> >> [client:10.1.23.29:5061] >> verify_certificate = yes >> ca_list = /etc/kamailio/CAs/ca2.pem >> >> [client:default] >> verify_certificate = no >> require_certificate = no >> >> Kamailo always do default profile selection (I do configuration >> without server_name or server_id, with it kamailio works fine but >> there are some troubles to make selection of this parameters from >> config script, I need additional checks and queries) >> >> after some research in tls module source code I have added some debug >> information in file tls_server.c: >> >> if (c->flags & F_CONN_PASSIVE) { >> state=S_TLS_ACCEPTING; >> dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV, >> >> &c->rcv.dst_ip, c->rcv.dst_port, 0, 0); >> } else { >> state=S_TLS_CONNECTING; >> sname = tls_get_connect_server_name(); >> srvid = tls_get_connect_server_id(); >> // ------------------------------------------------------------- >> DBG("Entered client config loockup (c->rcv.dst_port >> %d)\n", c->rcv.dst_port); >> DBG("Entered client config loockup (&c->rcv.dst_ip >> %s)\n", ip_addr2a(&c->rcv.dst_ip)); >> DBG("Entered client config loockup (c->rcv.src_port >> %d)\n", c->rcv.src_port); >> DBG("Entered client config loockup (&c->rcv.src_ip >> %s)\n", ip_addr2a(&c->rcv.src_ip)); >> // ------------------------------------------------------------- >> dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI, >> &c->rcv.dst_ip, >> c->rcv.dst_port, sname, srvid); >> >> } >> >> After making >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core> >> [parser/msg_parser.c:597]: parse_msg(): method: <INVITE> >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core> >> [parser/msg_parser.c:599]: parse_msg(): uri: >> <sip:9098@10.1.23.19:5061;transport=TLS> >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core> >> [parser/msg_parser.c:601]: parse_msg(): version: <SIP/2.0> >> >> I see >> >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core> >> [ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: >> 10.1.23.19 >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core> >> [tcp_main.c:985]: tcpconn_new(): on port 5061, type 3 >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: <core> >> [tcp_main.c:1295]: tcpconn_add(): hashes: 1394:0:0, 1 >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_server.c:197]: tls_complete_init(): completing tls connection >> initialization >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_server.c:160]: tls_get_connect_server_name(): xavp with outbound >> server name not found >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_server.c:140]: tls_get_connect_server_id(): xavp with outbound >> server id not found >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_server.c:219]: tls_complete_init(): Entered client config loockup >> (c->rcv.dst_port 40123) >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_server.c:220]: tls_complete_init(): Entered client config loockup >> (&c->rcv.dst_ip 10.1.23.23) >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_server.c:221]: tls_complete_init(): Entered client config loockup >> (c->rcv.src_port 5061) >> Oct 26 09:23:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_server.c:222]: tls_complete_init(): Entered client config loockup >> (&c->rcv.src_ip 10.1.23.19) >> >> Where: >> &c->rcv.dst_ip 10.1.23.23 - it is my local kamailio tls socket ip >> address to make tls connect from >> c->rcv.dst_port 40123 - it is my local kamailio tls socket port >> &c->rcv.src_ip 10.1.23.19 - ip of my TLS device to make tls connection to >> c->rcv.src_port 5061 - port of my TLS device to make tls connection to >> >> so if I change line >> dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI, >> &c->rcv.dst_ip, >> c->rcv.dst_port, sname, srvid); >> to >> dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI, >> &c->rcv.src_ip, >> c->rcv.src_port, sname, srvid); >> >> >> I got correct client domain selection >> >> Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_server.c:233]: tls_complete_init(): Using initial TLS domain >> TLSc<10.1.23.19:5061> (dom 0x7fd2eefa3d68 ctx 0x7fd2ef7e70a8 sn []) >> Oct 26 09:33:56 sip1 /usr/sbin/kamailio[20712]: DEBUG: tls >> [tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake started >> >> Can you look at this code? >> >> Thank you in advance. >> >> -- >> Best regards, >> Sergey Basov e-mail: sergey.v.ba...@gmail.com >> >> tel: (+38067) 403-62-54 > > -- > Daniel-Constantin Mierla > http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda > Kamailio Advanced Training, Berlin, Nov 28-30, 2016 - http://www.asipto.com > _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
