<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi Mark,</p>
    <p>We are aware of this limitation with wolfssl, and do plan to
      address it somehow, but we have not found a straightforward
      solution yet. Keep an eye on the feature request Ovidiu mentioned.</p>
    <p>Regards,</p>
    <pre class="moz-signature" cols="72">-- 
Vlad Patrascu
OpenSIPS Core Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
    <div class="moz-cite-prefix">On 28.02.2022 10:50, Mark Farmer wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAOvQDeuSNjhJbUGESwgZ9M03sCSpiQPeUsR4TrL6OVhmGN3gEg@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">Thanks Ovidiu, that is great information.<br>
        <div><br>
        </div>
        <div>I am using wolfssl as that seems to be the way to go these
          days.</div>
        <div>I wonder, given the rising popularity of Direct Routing, if
          it would be possible/sensible to have wolfssl populate the
          $tls_peer_subject_cn variable in the future?</div>
        <div><br>
        </div>
        <div>Mark.</div>
        <div><br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Fri, 25 Feb 2022 at 17:32,
          Ovidiu Sas <<a href="mailto:osas@voipembedded.com"
            moz-do-not-send="true" class="moz-txt-link-freetext">osas@voipembedded.com</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">With
          MS, you can authenticate based on $tls_peer_subject_cn. This<br>
          works ok with openssl but not with wolfssl. When wolfssl is
          using<br>
          session tickets to establish new connections, the
          $tls_peer_subject_cn<br>
          is not populated.<br>
          Another alternative is to perform a lookup for each request
          received<br>
          over a tls connection using the ip.resolve transformation and
          enable<br>
          dbs_cache to help a little bit. It's messy but it works.<br>
          <br>
          -ovidiu<br>
          <br>
          On Fri, Feb 25, 2022 at 6:51 AM Mark Farmer <<a
            href="mailto:farmorg@gmail.com" target="_blank"
            moz-do-not-send="true" class="moz-txt-link-freetext">farmorg@gmail.com</a>>
          wrote:<br>
          ><br>
          > Thanks Bogdan<br>
          ><br>
          > It's no secret really, I was just speaking generically.<br>
          > They are the MS Direct Routing domains, e.g. <a
            href="http://sip.pstnhub.microsoft.com" rel="noreferrer"
            target="_blank" moz-do-not-send="true">sip.pstnhub.microsoft.com</a><br>
          ><br>
          > Mark.<br>
          ><br>
          ><br>
          ><br>
          > On Tue, 22 Feb 2022 at 12:50, Bogdan-Andrei Iancu <<a
            href="mailto:bogdan@opensips.org" target="_blank"
            moz-do-not-send="true" class="moz-txt-link-freetext">bogdan@opensips.org</a>>
          wrote:<br>
          >><br>
          >> Hi Mark,<br>
          >><br>
          >> You say the DNS is publishing only one IP for the
          domain, but one may change? If you want, you can PM me the
          actual domain to see what the DNS records look like.<br>
          >><br>
          >> Regards,<br>
          >><br>
          >> Bogdan-Andrei Iancu<br>
          >><br>
          >> OpenSIPS Founder and Developer<br>
          >>   <a href="https://www.opensips-solutions.com"
            rel="noreferrer" target="_blank" moz-do-not-send="true"
            class="moz-txt-link-freetext">https://www.opensips-solutions.com</a><br>
          >> OpenSIPS eBootcamp<br>
          >>   <a
            href="https://www.opensips.org/Training/Bootcamp"
            rel="noreferrer" target="_blank" moz-do-not-send="true"
            class="moz-txt-link-freetext">https://www.opensips.org/Training/Bootcamp</a><br>
          >><br>
          >> On 2/22/22 12:31 PM, Mark Farmer wrote:<br>
          >><br>
          >> Hi Bogdan<br>
          >><br>
          >> The GW's have 2 CNAME records which I have no control
          over. DR has entries like <a
            href="http://subdomain.example.com:5061" rel="noreferrer"
            target="_blank" moz-do-not-send="true">subdomain.example.com:5061</a><br>
          >> I suspect the issue arises when the CNAMES swap
          around resulting in a mismatch.<br>
          >><br>
          >> Currently I am using this to identify the source of
          the message which is probably not the best in terms of
          security.<br>
          >><br>
          >> $avp(fd) = "<a href="http://subdomain.example.com"
            rel="noreferrer" target="_blank" moz-do-not-send="true">subdomain.example.com</a>";<br>
          >> if($(ct.fields(uri){s.index, $avp(fd)}) != NULL)<br>
          >><br>
          >> Perhaps there is a better way?<br>
          >><br>
          >> Best regards<br>
          >> Mark.<br>
          >><br>
          >><br>
          >><br>
          >> On Tue, 22 Feb 2022 at 08:56, Bogdan-Andrei Iancu
          <<a href="mailto:bogdan@opensips.org" target="_blank"
            moz-do-not-send="true" class="moz-txt-link-freetext">bogdan@opensips.org</a>>
          wrote:<br>
          >>><br>
          >>> Hi Mark,<br>
          >>><br>
          >>> If a gw is defined via FQDN, that will be DNS
          resolved (NAPTR, SRV, A records) when DB data is (re)loaded by
          DR module, and used later for such checks. All found IPs (from
          DNS) will be stored on the GW.<br>
          >>><br>
          >>> How do you specify the GW address in DB and what
          kind of DNS records do you have for it?<br>
          >>><br>
          >>> Best regards,<br>
          >>><br>
          >>> Bogdan-Andrei Iancu<br>
          >>><br>
          >>> OpenSIPS Founder and Developer<br>
          >>>   <a href="https://www.opensips-solutions.com"
            rel="noreferrer" target="_blank" moz-do-not-send="true"
            class="moz-txt-link-freetext">https://www.opensips-solutions.com</a><br>
          >>> OpenSIPS eBootcamp<br>
          >>>   <a
            href="https://www.opensips.org/Training/Bootcamp"
            rel="noreferrer" target="_blank" moz-do-not-send="true"
            class="moz-txt-link-freetext">https://www.opensips.org/Training/Bootcamp</a><br>
          >>><br>
          >>> On 2/18/22 6:04 PM, Mark Farmer wrote:<br>
          >>><br>
          >>> Hi everyone<br>
          >>><br>
          >>> I am using is_from_gw() to match against a group
          of gateways specified by DNS names which resolve to multiple
          IP addresses but it seems to be failing to match.<br>
          >>><br>
          >>> Is this supported functionality or do I need to
          do something else in this case?<br>
          >>><br>
          >>> Thanks and regards<br>
          >>> Mark.<br>
          >>><br>
          >>><br>
          >>> _______________________________________________<br>
          >>> Users mailing list<br>
          >>> <a href="mailto:Users@lists.opensips.org"
            target="_blank" moz-do-not-send="true"
            class="moz-txt-link-freetext">Users@lists.opensips.org</a><br>
          >>> <a
            href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
            rel="noreferrer" target="_blank" moz-do-not-send="true"
            class="moz-txt-link-freetext">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
          >>><br>
          >>><br>
          >><br>
          >><br>
          >> --<br>
          >> Mark Farmer<br>
          >> <a href="mailto:farmorg@gmail.com" target="_blank"
            moz-do-not-send="true" class="moz-txt-link-freetext">farmorg@gmail.com</a><br>
          >><br>
          >><br>
          ><br>
          ><br>
          > --<br>
          > Mark Farmer<br>
          > <a href="mailto:farmorg@gmail.com" target="_blank"
            moz-do-not-send="true" class="moz-txt-link-freetext">farmorg@gmail.com</a><br>
          <br>
          <br>
          <br>
          -- <br>
          VoIP Embedded, Inc.<br>
          <a href="http://www.voipembedded.com" rel="noreferrer"
            target="_blank" moz-do-not-send="true"
            class="moz-txt-link-freetext">http://www.voipembedded.com</a><br>
          <br>
        </blockquote>
      </div>
      <br clear="all">
      <div><br>
      </div>
      -- <br>
      <div dir="ltr" class="gmail_signature">Mark Farmer<br>
        <a href="mailto:farmorg@gmail.com" target="_blank"
          moz-do-not-send="true" class="moz-txt-link-freetext">farmorg@gmail.com</a></div>
      <br>
    </blockquote>
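    <p>Added example (not part of the thread and not OpenSIPS code): a Python model of the decision discussed above. It accepts a peer on an allowlisted certificate subject CN and, when the CN is empty (the case reported for wolfssl with session tickets), falls back to a cached DNS lookup of the allowlisted names, failing closed otherwise. The names classify_peer, CachedResolver and contact_contains, and the 192.0.2.x addresses, are assumptions constructed for illustration.</p>
<pre>
```python
import time

# Constructed sample data: an FQDN allowlist and a stand-in DNS view (not real records).
ALLOWED_FQDNS = {"sip.pstnhub.microsoft.com"}
FAKE_DNS = {"sip.pstnhub.microsoft.com": ["192.0.2.10", "192.0.2.11"]}


class CachedResolver:
    """Resolve names through `lookup` with a TTL cache, so changed records are picked up."""

    def __init__(self, lookup, ttl=60.0, clock=time.monotonic):
        self.lookup, self.ttl, self.clock = lookup, ttl, clock
        self.cache = {}  # fqdn: (expiry time, set of IPs)

    def ips_for(self, fqdn):
        now = self.clock()
        entry = self.cache.get(fqdn)
        if entry is None or now >= entry[0]:
            entry = (now + self.ttl, set(self.lookup(fqdn)))
            self.cache[fqdn] = entry
        return entry[1]


def classify_peer(peer_cn, src_ip, resolver, allowed=ALLOWED_FQDNS):
    """Return (accepted, reason) for a request received over TLS.

    peer_cn is the certificate subject CN, or "" / None when the TLS stack
    did not expose it (the resumed-session case described in the thread).
    """
    cn = (peer_cn or "").strip().rstrip(".").lower()
    if cn:
        # A certificate identity is present: exact match only. A present but
        # unknown CN is rejected without falling back to the IP check.
        ok = cn in allowed
        return (ok, "cn-match" if ok else "cn-not-allowed")
    # No CN available: compare the source IP with fresh DNS data per request.
    for fqdn in sorted(allowed):
        if src_ip in resolver.ips_for(fqdn):
            return (True, "ip-match:" + fqdn)
    return (False, "no-identity")  # fail closed


def contact_contains(contact_uri, fqdn):
    """Substring test on the Contact URI: the value is supplied by the sender,
    and any URI that merely contains the name passes."""
    return fqdn in contact_uri
```
</pre>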
  </body>
</html>