Feature Request: TLS server name indication

On Tue, Jun 24, 2008 at 10:35 AM, Klaus Darilion
<klaus.mailinglists at pernau.at> wrote:
>
> Hi Benny. I have implemented the server_name extension in openser. You
> can test by sending SIP requests to my test proxy:
>

Okay I've done this, in http://trac.pjsip.org/repos/ticket/552. With
pjsua just add --tls-srv-name=NAME option. I've tested with your
server, it seems to be working for port 6061 but not on port 5061 (got
negotiation failure).

Cheers
 Benny


> The test proxy is listening on IP 88.198.163.205 port 5061 and port 6061.
>
> Port 5061 has configured 3 "virtual" sites:
> tls-a.deepsec.pernau.at
> tls-b.deepsec.pernau.at
> tls-c.deepsec.pernau.at
>
> If the TLS client does not present a server_name or it presents a
> non-matching servername the certificate tls.deepsec.pernau.at will be
> presented.
>
> Port 6061 has also configured 3 "virtual" sites:
> tls-1.deepsec.pernau.at
> tls-2.deepsec.pernau.at
> tls-3.deepsec.pernau.at
>
> If the TLS client does not present a server_name or it presents a
> non-matching servername the certificate tls.deepsec.pernau.at will be
> presented.
>
> If the TLS handshake succeeds, you can send any SIP request and the
> server should respond with "400, p=PROTOCOL, sni=SERVER_NAME".
>
> If the server does not respond anymore, just wait a few seconds (maybe I
> have rebooted it). If it does not respond for some minutes then you likely
> crashed the proxy. Then you should send me an email so that I will
> analyze the core dump ;-)
>
> regards
> Klaus
>
> PS: You can test the server_name stuff also with Firebird browser, e.g.:
> https://tls-c.deepsec.pernau.at:5061/
>
>
>
>>
>> Cheers
>>  Benny
>>
>>>  regards
>>>  klaus
>>>
>>>  [1]
>>>  http://howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch
>>>  [2] https://sni.velox.ch/
>>>
>>
>> _______________________________________________
>> Visit our blog: http://blog.pjsip.org
>>
>> pjsip mailing list
>> pjsip at lists.pjsip.org
>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>
>
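
The server-side behaviour described for port 5061 above (serve the virtual site named in server_name, otherwise fall back to tls.deepsec.pernau.at), as an added Python example that is not code from this thread, openser or pjsip. The function names are hypothetical and the extension bytes are constructed per RFC 6066; a production server would leave this parsing to its TLS library.

```python
import struct

# Names taken from the thread: the three port-5061 virtual sites and the fallback.
VIRTUAL_SITES = {"tls-a.deepsec.pernau.at", "tls-b.deepsec.pernau.at",
                 "tls-c.deepsec.pernau.at"}
DEFAULT_CERT = "tls.deepsec.pernau.at"

def build_sni_extension(hostname):
    """Constructed sample input: a server_name extension (type 0, RFC 6066)."""
    name = hostname.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name   # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0, len(name_list)) + name_list

def parse_sni(extensions):
    """Return the host_name in a ClientHello extensions block, else None."""
    pos = 0
    while pos + 4 <= len(extensions):
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if len(body) != ext_len:
            return None                      # truncated extension
        if ext_type != 0:
            continue                         # not server_name, skip it
        if ext_len < 2 or struct.unpack_from("!H", body)[0] != ext_len - 2:
            return None                      # list length disagrees with extension
        p = 2
        while p + 3 <= ext_len:
            name_type, name_len = struct.unpack_from("!BH", body, p)
            name = body[p + 3:p + 3 + name_len]
            if len(name) != name_len:
                return None                  # name runs past the list
            if name_type == 0:
                try:
                    return name.decode("ascii").lower()
                except UnicodeDecodeError:
                    return None
            p += 3 + name_len
        return None
    return None

def select_certificate(extensions):
    """Hypothetical selection step: matching virtual site, or the default."""
    sni = parse_sni(extensions)
    return sni if sni in VIRTUAL_SITES else DEFAULT_CERT

if __name__ == "__main__":
    for host in ("tls-b.deepsec.pernau.at", "tls-1.deepsec.pernau.at"):
        print(host, "->", select_certificate(build_sni_extension(host)))
    print("(no SNI) ->", select_certificate(b""))
```

Malformed or truncated extensions are treated the same as an absent server_name, so the fallback certificate is the only outcome an unparseable ClientHello can reach.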
