Feature Request: TLS server name indication


 



This leads me to a question: How can I use the server_name extension 
from the pjsua API? Does the server_name have to be filled manually? IMO it 
should be automatically set to the domain of the next hop (except when it is 
an IP address).

regards
klaus

Klaus Darilion wrote:
> Hi Benny!
> 
> I tested it and it works fine. Also on port 5061. Maybe you tested with 
> tls-a.deepsec.pernau.at - this TLS domain was configured to require a 
> client certificate, thus the handshake failed?
> 
> thanks
> Klaus
> 
> Benny Prijono wrote:
>> On Tue, Jun 24, 2008 at 10:35 AM, Klaus Darilion
>> <klaus.mailinglists at pernau.at> wrote:
>>> Hi Benny. I have implemented the server_name extension in openser. You
>>> can test by sending SIP requests to my test proxy:
>>>
>> Okay I've done this, in http://trac.pjsip.org/repos/ticket/552. With
>> pjsua just add --tls-srv-name=NAME option. I've tested with your
>> server, it seems to be working for port 6061 but not on port 5061 (got
>> negotiation failure).
>>
>> Cheers
>>  Benny
>>
>>
>>> The test proxy is listening on IP 88.198.163.205 port 5061 and port 6061.
>>>
>>> Port 5061 has configured 3 "virtual" sites:
>>> tls-a.deepsec.pernau.at
>>> tls-b.deepsec.pernau.at
>>> tls-c.deepsec.pernau.at
>>>
>>> If the TLS client does not present a server_name or it presents a
>>> non-matching servername the certificate tls.deepsec.pernau.at will be
>>> presented.
>>>
>>> Port 6061 has also configured 3 "virtual" sites:
>>> tls-1.deepsec.pernau.at
>>> tls-2.deepsec.pernau.at
>>> tls-3.deepsec.pernau.at
>>>
>>> If the TLS client does not present a server_name or it presents a
>>> non-matching servername the certificate tls.deepsec.pernau.at will be
>>> presented.
>>>
>>> If the TLS handshake succeeds, you can send any SIP request and the
>>> server should respond with "400, p=PROTOCOL, sni=SERVER_NAME".
>>>
>>> If the server does not respond anymore, just wait a few seconds (maybe I
>>> have rebooted it). If it does not respond for some minutes then you likely
>>> crashed the proxy. Then you should send me an email so that I will
>>> analyze the core dump ;-)
>>>
>>> regards
>>> Klaus
>>>
>>> PS: You can test the server_name stuff also with Firebird browser, e.g.:
>>> https://tls-c.deepsec.pernau.at:5061/
>>>
>>>
>>>
>>>> Cheers
>>>>  Benny
>>>>
>>>>>  regards
>>>>>  klaus
>>>>>
>>>>>  [1]
>>>>>  http://howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch
>>>>>  [2] https://sni.velox.ch/
>>>>>
>>>> _______________________________________________
>>>> Visit our blog: http://blog.pjsip.org
>>>>
>>>> pjsip mailing list
>>>> pjsip at lists.pjsip.org
>>>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
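An added example, not code from this thread or from pjsip or openser: Python that applies the rule proposed at the top of this message (send the next-hop domain as server_name, nothing for an IP address), reads the server_name extension back out of a locally generated ClientHello, and selects a virtual site with the default fallback described for port 5061. The function names and the site table are constructed for illustration, and no network traffic is sent.

```python
import ipaddress
import ssl
import struct

# Constructed table modelled on the port 5061 setup described in the thread.
SITES = {f"tls-{s}.deepsec.pernau.at" for s in "abc"}
DEFAULT_SITE = "tls.deepsec.pernau.at"

def sni_for_next_hop(host):
    """server_name for a next hop: the domain, or None for an IP literal."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return None
    except ValueError:
        return host.rstrip(".").lower()

def client_hello(host):
    """Return the ClientHello Python's ssl module would send (no network I/O)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a ServerHello
    return outgoing.read()

def parse_sni(rec):
    """Extract host_name from a ClientHello's server_name extension, else None."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a ClientHello record")
    pos = 5 + 4 + 2 + 32                                # headers, version, random
    pos += 1 + rec[pos]                                 # session_id
    pos += 2 + struct.unpack_from("!H", rec, pos)[0]    # cipher_suites
    pos += 1 + rec[pos]                                 # compression_methods
    end = pos + 2 + struct.unpack_from("!H", rec, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", rec, pos)
        pos += 4
        if ext_type == 0:  # server_name: list len (2), name_type (1), name len (2), name
            name_type, name_len = struct.unpack_from("!BH", rec, pos + 2)
            if name_type == 0:                          # host_name
                return rec[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def select_site(server_name):
    """Server side: matching virtual site, else the default certificate's site."""
    return server_name if server_name in SITES else DEFAULT_SITE
```

Python's ssl module itself omits the extension when server_hostname is an IP address, so the parsed value for an IP next hop is None and the server falls back to the default certificate.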


