Thanks for the info, Klaus. Right now we're working on the 0.9 release, so I'll see if I can do it afterwards. Cheers Benny On Tue, Jun 24, 2008 at 11:35 AM, Klaus Darilion <klaus.mailinglists at pernau.at> wrote: > Hi Benny. I have implemented the server_name extension in openser. You > can test by sending SIP requests to my test proxy: > > The test proxy is listening on IP 88.198.163.205 port 5061 and port 6061. > > Port 5061 has configured 3 "virtual" sites: > tls-a.deepsec.pernau.at > tls-b.deepsec.pernau.at > tls-c.deepsec.pernau.at > > If the TLS client does not present a server_name or it presents a > non-matching servername the certificate tls.deepsec.pernau.at will be > presented. > > Port 6061 has also configured 3 "virtual" sites: > tls-1.deepsec.pernau.at > tls-2.deepsec.pernau.at > tls-3.deepsec.pernau.at > > If the TLS client does not present a server_name or it presents a > non-matching servername the certificate tls.deepsec.pernau.at will be > presented. > > If the TLS handshake succeeds, you can send any SIP request and the > server should response with "400, p=PROTOCOL, sni=SERVER_NAME". > > If the server does not respond anymore, just wait a few seconds (maybe I > have rebooted it). If it does not respond for some minutes then you like > crashed the proxy. Then you should send me an email so that I will > analyze the core dump ;-) > > regards > Klaus > > PS: You can test the server_name stuff also with Firebird browser, e.g.: > https://tls-c.deepsec.pernau.at:5061/ > >