<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <tt>Thank you Alexey,<br>
      <br>
      I will look into it.<br>
      <br>
      Best regards,<br>
    </tt>
    <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  <a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Summit 2019
  <a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2019Amsterdam/">https://www.opensips.org/events/Summit-2019Amsterdam/</a>
</pre>
    <div class="moz-cite-prefix">On 03/28/2019 10:00 PM, Alexey Vasilyev
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:1EB7D3EE-938E-460F-8250-503B6DB518F5@gmail.com">
      Hi Bogdan,
      <div class=""><br class="">
      </div>
      <div class="">Sorry that I mentioned He-Who-Must-Not-Be-Named.
        Just to simplify search later: <a
          href="https://github.com/OpenSIPS/opensips/issues/1651"
          class="" moz-do-not-send="true">https://github.com/OpenSIPS/opensips/issues/1651</a></div>
      <br class="">
      <br class="">
      <div class="">
        <span class="Apple-style-span" style="border-collapse: separate;
          color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px;
          font-style: normal; font-variant: normal; font-weight: normal;
          letter-spacing: normal; line-height: normal; orphans: 2;
          text-align: auto; text-indent: 0px; text-transform: none;
          white-space: normal; widows: 2; word-spacing: 0px;
          -webkit-border-horizontal-spacing: 0px;
          -webkit-border-vertical-spacing: 0px;
          -webkit-text-decorations-in-effect: none;
          -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0;
          ">
          <div class="">-----</div>
          <div class="">Alexey Vasilyev</div>
          <div class=""><a href="mailto:alexei.vasilyev@gmail.com"
              class="" moz-do-not-send="true">alexei.vasilyev@gmail.com</a></div>
          <div class=""><br class="">
          </div>
        </span><br class="Apple-interchange-newline">
      </div>
      <br class="">
      <div>
        <blockquote type="cite" class="">
          <div class="">On 28 Mar 2019, at 16:45, Bogdan-Andrei Iancu &lt;<a
              href="mailto:bogdan@opensips.org" class=""
              moz-do-not-send="true">bogdan@opensips.org</a>&gt;
            wrote:</div>
          <br class="Apple-interchange-newline">
          <div class="">
            <div bgcolor="#FFFFFF" text="#000000" class=""> <tt
                class="">Hi Alexey,<br class="">
                <br class="">
                oh, if it is MS related, I don't wanna hear about it
                :P.....Just joking - please open a bug report on the
                tracker.<br class="">
                <br class="">
                Regards,<br class="">
              </tt>
              <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  <a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com/" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 2019
  <a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2019Amsterdam/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2019Amsterdam/</a>
</pre>
              <div class="moz-cite-prefix">On 03/28/2019 03:16 PM,
                Alexey Vasilyev wrote:<br class="">
              </div>
              <blockquote type="cite"
cite="mid:CADbQxz3z1ffRSaib5vfS8hmkOdiCgVr=C=sKcrPssc-2wDvxJA@mail.gmail.com"
                class="">
                <div dir="ltr" class="">Hi Bogdan,
                  <div class=""><br class="">
                  </div>
                  <div class="">Yes, of course this is a real scenario. MS
                    Teams integration. They authenticate everything by
                    TLS certificates used by the connection. It works fine
                    for 1 integration. </div>
                  <div class="">But if I send SIP with domain2 to the
                    TLS connection encrypted with the certificate for
                    domain1, I just fail.</div>
                  <div class="">And actually everybody I checked reuses
                    TLS sessions almost the same way as TCP. So OpenSIPS
                    will be the first doing this the correct way.</div>
                  <div class="">And I like the comments from tls_mgm.c</div>
                  <div class="">
                    <pre class="">/* what if we have multiple connections to the same remote socket? e.g. we can have
  connection 1: localIP1:localPort1 &lt;--&gt; remoteIP:remotePort
  connection 2: localIP2:localPort2 &lt;--&gt; remoteIP:remotePort
but I think the is very unrealistic */</pre>
                  </div>
                  <div class="">So I got exactly this scenario.</div>
                  <div class=""><br class="">
                  </div>
                </div>
                <br class="">
                <div class="gmail_quote">
                  <div dir="ltr" class="gmail_attr">Thu, 28 Mar 2019
                    at 13:47, Bogdan-Andrei Iancu &lt;<a
                      href="mailto:bogdan@opensips.org"
                      moz-do-not-send="true" class="">bogdan@opensips.org</a>&gt;:<br
                      class="">
                  </div>
                  <blockquote class="gmail_quote" style="margin:0px 0px
                    0px 0.8ex;border-left:1px solid
                    rgb(204,204,204);padding-left:1ex">Hi Alexey,<br
                      class="">
                    <br class="">
                    It makes sense (logically speaking) to get the TLS
                    domain involved in the <br class="">
                    TCP conn re-usage alg - but my question is: have you
                    come across a real <br class="">
                    scenario with such a need?<br class="">
                    <br class="">
                    Regards,<br class="">
                    <br class="">
                    Bogdan-Andrei Iancu<br class="">
                    <br class="">
                    OpenSIPS Founder and Developer<br class="">
                       <a href="https://www.opensips-solutions.com/"
                      rel="noreferrer" target="_blank"
                      moz-do-not-send="true" class="">https://www.opensips-solutions.com</a><br
                      class="">
                    OpenSIPS Summit 2019<br class="">
                       <a
                      href="https://www.opensips.org/events/Summit-2019Amsterdam/"
                      rel="noreferrer" target="_blank"
                      moz-do-not-send="true" class="">https://www.opensips.org/events/Summit-2019Amsterdam/</a><br
                      class="">
                    <br class="">
                    On 03/26/2019 02:23 PM, vasilevalex wrote:<br
                      class="">
                    > Hi Bogdan,<br class="">
                    ><br class="">
                    > Thanks for fix!<br class="">
                    ><br class="">
                    > What do you think about reusing TLS
                    connections? In master branch this<br class="">
                    > behavior is still the same. OpenSIPS reuses TLS
                    connections the same way as<br class="">
                    > regular TCP connections, but it should not. For
                    reusing a TCP connection we<br class="">
                    > check if a connection with the same dst IP:PORT
                    exists. But for TLS it is not<br class="">
                    > enough. We additionally should check what
                    certificate this connection uses<br class="">
                    > (or what domain it is related to).<br class="">
                    ><br class="">
                    > And in the documentation for the tls_mgm module
                    it is written everywhere: Note: If there<br class="">
                    > is already an existing TLS connection to the
                    remote target, it will be<br class="">
                    > reused and setting this AVP has no effect.<br
                      class="">
                    ><br class="">
                    > This is the same case - we have only 1
                    destination target, but we should use<br class="">
                    > several TLS connections to this target with
                    different TLS certificates. So<br class="">
                    > the first connection will be successful, but a SIP
                    message for the second domain which<br class="">
                    > should use another certificate will try to
                    reuse this first connection, as<br class="">
                    > the target is the same. And this message will fail.<br
                      class="">
                    ><br class="">
                    ><br class="">
                    ><br class="">
                    > -----<br class="">
                    > ---<br class="">
                    > Alexey Vasilyev<br class="">
                    > --<br class="">
                    > Sent from: <a
href="http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html"
                      rel="noreferrer" target="_blank"
                      moz-do-not-send="true" class="">http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html</a><br
                      class="">
                    ><br class="">
                    > _______________________________________________<br
                      class="">
                    > Users mailing list<br class="">
                    > <a href="mailto:Users@lists.opensips.org"
                      target="_blank" moz-do-not-send="true" class="">Users@lists.opensips.org</a><br
                      class="">
                    > <a
                      href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
                      rel="noreferrer" target="_blank"
                      moz-do-not-send="true" class="">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br
                      class="">
                    <br class="">
                  </blockquote>
                </div>
                <br class="" clear="all">
                <div class=""><br class="">
                </div>
                -- <br class="">
                <div dir="ltr" class="gmail_signature">Best regards<br
                    class="">
                  Alexey Vasilyev</div>
              </blockquote>
              <br class="">
            </div>
          </div>
        </blockquote>
      </div>
      <br class="">
    </blockquote>
    <br>
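    <div>The reuse behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenSIPS source code: a toy connection pool that reuses on destination IP:port only, next to one that also requires the same TLS domain. The names <tt>conn_pool</tt>, <tt>get_conn</tt> and <tt>match_domain</tt>, and the sample address, are hypothetical.</div>

```c
/* Added illustration with hypothetical names; not OpenSIPS source code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CONNS 8

struct tls_conn {
    char dst_ip[46];          /* remote IP */
    unsigned short dst_port;  /* remote port */
    char tls_domain[64];      /* local TLS domain (certificate) used in the handshake */
};

struct conn_pool {
    struct tls_conn conns[MAX_CONNS];
    size_t count;
    int match_domain;         /* 0: reuse on IP:port only, 1: also require same TLS domain */
};

/* Return a connection for the message: reuse a matching one, else "open" a new one. */
const struct tls_conn *get_conn(struct conn_pool *p, const char *ip,
                                unsigned short port, const char *domain)
{
    for (size_t i = 0; i < p->count; i++) {
        const struct tls_conn *c = &p->conns[i];
        if (c->dst_port != port || strcmp(c->dst_ip, ip) != 0)
            continue;
        if (p->match_domain && strcmp(c->tls_domain, domain) != 0)
            continue;             /* same target, different certificate: do not reuse */
        return c;
    }
    if (p->count == MAX_CONNS)
        return NULL;              /* pool full */
    struct tls_conn *n = &p->conns[p->count++];
    snprintf(n->dst_ip, sizeof n->dst_ip, "%s", ip);
    n->dst_port = port;
    snprintf(n->tls_domain, sizeof n->tls_domain, "%s", domain);
    return n;
}

int main(void)
{
    /* Constructed sample: two local TLS domains sending to one remote target. */
    for (int mode = 0; mode <= 1; mode++) {
        struct conn_pool p = { .count = 0, .match_domain = mode };
        get_conn(&p, "203.0.113.10", 5061, "domain1");
        const struct tls_conn *c = get_conn(&p, "203.0.113.10", 5061, "domain2");
        printf("match_domain=%d: domain2 message sent over the %s connection (%zu open)\n",
               mode, c->tls_domain, p.count);
    }
    return 0;
}
```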
  </body>
</html>