Feature Request: TLS server name indication

Hi Benny!

I tested it and it works fine. Also on port 5061. Maybe you tested with 
tls-a.deepsec.pernau.at - this TLS domain was configured to require a 
client certificate, thus the handshake failed?

thanks
Klaus

Benny Prijono wrote:
> On Tue, Jun 24, 2008 at 10:35 AM, Klaus Darilion
> <klaus.mailinglists at pernau.at> wrote:
>> Hi Benny. I have implemented the server_name extension in openser. You
>> can test by sending SIP requests to my test proxy:
>>
> 
> Okay I've done this, in http://trac.pjsip.org/repos/ticket/552. With
> pjsua just add --tls-srv-name=NAME option. I've tested with your
> server, it seems to be working for port 6061 but not on port 5061 (got
> negotiation failure).
> 
> Cheers
>  Benny
> 
> 
>> The test proxy is listening on IP 88.198.163.205 port 5061 and port 6061.
>>
>> Port 5061 has configured 3 "virtual" sites:
>> tls-a.deepsec.pernau.at
>> tls-b.deepsec.pernau.at
>> tls-c.deepsec.pernau.at
>>
>> If the TLS client does not present a server_name or it presents a
>> non-matching servername the certificate tls.deepsec.pernau.at will be
>> presented.
>>
>> Port 6061 has also configured 3 "virtual" sites:
>> tls-1.deepsec.pernau.at
>> tls-2.deepsec.pernau.at
>> tls-3.deepsec.pernau.at
>>
>> If the TLS client does not present a server_name or it presents a
>> non-matching servername the certificate tls.deepsec.pernau.at will be
>> presented.
>>
>> If the TLS handshake succeeds, you can send any SIP request and the
>> server should respond with "400, p=PROTOCOL, sni=SERVER_NAME".
>>
>> If the server does not respond anymore, just wait a few seconds (maybe I
>> have rebooted it). If it does not respond for some minutes then you likely
>> crashed the proxy. Then you should send me an email so that I will
>> analyze the core dump ;-)
>>
>> regards
>> Klaus
>>
>> PS: You can test the server_name stuff also with Firebird browser, e.g.:
>> https://tls-c.deepsec.pernau.at:5061/
>>
>>
>>
>>> Cheers
>>>  Benny
>>>
>>>>  regards
>>>>  klaus
>>>>
>>>>  [1]
>>>>  http://howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch
>>>>  [2] https://sni.velox.ch/
>>>>
>>> _______________________________________________
>>> Visit our blog: http://blog.pjsip.org
>>>
>>> pjsip mailing list
>>> pjsip at lists.pjsip.org
>>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org