[OpenSIPS-Users] Control TLS client domain

vasilevalex alexei.vasilyev at gmail.com
Tue Mar 26 08:23:43 EDT 2019


Hi Bogdan,

Thanks for the fix!

What do you think about reusing TLS connections? In the master branch this
behavior is still the same. OpenSIPS reuses TLS connections the same way as
regular TCP connections, but it should not. To reuse a TCP connection we
check whether a connection with the same dst IP:PORT exists. But for TLS that
is not enough. We should additionally check which certificate this connection
uses (or which domain it is related to).

And everywhere in the documentation for the tls_mgm module it is written:
"Note: If there is already an existing TLS connection to the remote target,
it will be reused and setting this AVP has no effect."

This is the same case - we have only 1 destination target, but we should use
several TLS connections to this target with different TLS certificates. So the
first connection will be successful, but a SIP message for the second domain,
which should use another certificate, will try to reuse this first connection,
as the target is the same. And this message will fail.



-----
---
Alexey Vasilyev
--
Sent from: http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html
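
The lookup difference this message describes, as an added example that is not part of the original post and is not OpenSIPS code: a toy connection table where `find_by_dst` matches on destination IP:PORT only and `find_by_dst_and_domain` also requires the same client TLS domain. All function names, the address and the domain labels are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy connection table for illustration; not OpenSIPS data structures. */
struct conn { const char *ip; int port; const char *tls_domain; };

#define MAX_CONNS 8
static struct conn table[MAX_CONNS];
static int n_conns;

/* Reuse rule described in the message: destination IP:PORT only. */
static struct conn *find_by_dst(const char *ip, int port)
{
    for (int i = 0; i < n_conns; i++)
        if (table[i].port == port && strcmp(table[i].ip, ip) == 0)
            return &table[i];
    return NULL;
}

/* Stricter rule: destination and client TLS domain must both match. */
static struct conn *find_by_dst_and_domain(const char *ip, int port, const char *dom)
{
    for (int i = 0; i < n_conns; i++)
        if (table[i].port == port && strcmp(table[i].ip, ip) == 0 &&
            strcmp(table[i].tls_domain, dom) == 0)
            return &table[i];
    return NULL;
}

/* Returns the TLS domain of the connection the message would be sent on,
 * opening a new connection when the lookup misses (NULL if the table is full). */
static const char *send_on(const char *ip, int port, const char *dom, int check_domain)
{
    struct conn *c = check_domain ? find_by_dst_and_domain(ip, port, dom)
                                  : find_by_dst(ip, port);
    if (!c) {
        if (n_conns == MAX_CONNS)
            return NULL;
        c = &table[n_conns++];
        c->ip = ip; c->port = port; c->tls_domain = dom;
    }
    return c->tls_domain;
}

int main(void)
{
    const char *ip = "192.0.2.10";   /* constructed documentation address */
    send_on(ip, 5061, "dom_a", 0);
    printf("dst only:     dom_b message uses %s\n", send_on(ip, 5061, "dom_b", 0));
    n_conns = 0;                     /* start again with an empty table */
    send_on(ip, 5061, "dom_a", 1);
    printf("dst + domain: dom_b message uses %s\n", send_on(ip, 5061, "dom_b", 1));
    return 0;
}
```

With the destination-only lookup the second domain's message is sent over the connection that was authenticated with the first domain's certificate; with the domain included in the key, a second connection to the same target is opened.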


