<div dir="ltr">Thanks both, will do.<br><div><br></div><div>Mark.</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 1 Mar 2022 at 09:56, Vlad Patrascu &lt;<a href="mailto:vladp@opensips.org">vladp@opensips.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi Mark,</p>
<p>We are aware of this limitation with wolfssl, and do plan to
address it somehow but we have not found a straightforward
solution yet. Keep an eye on the feature request Ovidiu mentioned.</p>
<p>Regards,</p>
<pre cols="72">--
Vlad Patrascu
OpenSIPS Core Developer
<a href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre>
<div>On 28.02.2022 10:50, Mark Farmer wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thanks Ovidiu, that is great information.<br>
<div><br>
</div>
<div>I am using wolfssl as that seems to be the way to go these
days.</div>
<div>I wonder given the rising popularity of Direct Routing if
it would be possible/sensible to have wolfssl populate the
$tls_peer_subject_cn variable in the future?</div>
<div><br>
</div>
<div>Mark.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, 25 Feb 2022 at 17:32,
Ovidiu Sas &lt;<a href="mailto:osas@voipembedded.com" target="_blank">osas@voipembedded.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">With
MS, you can authenticate based on $tls_peer_subject_cn. This<br>
works ok with openssl but not with wolfssl. When wolfssl is
using<br>
session tickets to establish new connections, the
$tls_peer_subject_cn<br>
is not populated.<br>
Another alternative is to perform a lookup for each request
received<br>
over a tls connection using the ip.resolve transformation and
enable<br>
dbs_cache to help a little bit. It's messy but it works.<br>
<br>
-ovidiu<br>
<br>
On Fri, Feb 25, 2022 at 6:51 AM Mark Farmer &lt;<a href="mailto:farmorg@gmail.com" target="_blank">farmorg@gmail.com</a>&gt;
wrote:<br>
><br>
> Thanks Bogdan<br>
><br>
> It's no secret really, I was just speaking generically.<br>
> They are the MS Direct Routing domains, e.g. <a href="http://sip.pstnhub.microsoft.com" rel="noreferrer" target="_blank">sip.pstnhub.microsoft.com</a><br>
><br>
> Mark.<br>
><br>
><br>
><br>
> On Tue, 22 Feb 2022 at 12:50, Bogdan-Andrei Iancu &lt;<a href="mailto:bogdan@opensips.org" target="_blank">bogdan@opensips.org</a>&gt;
wrote:<br>
>><br>
>> Hi Mark,<br>
>><br>
>> You say the DNS is publishing only one IP for the
domain, but one may change? If you want, you can PM me the
actual domain to see what the DNS records look like.<br>
>><br>
>> Regards,<br>
>><br>
>> Bogdan-Andrei Iancu<br>
>><br>
>> OpenSIPS Founder and Developer<br>
>> <a href="https://www.opensips-solutions.com" rel="noreferrer" target="_blank">https://www.opensips-solutions.com</a><br>
>> OpenSIPS eBootcamp<br>
>> <a href="https://www.opensips.org/Training/Bootcamp" rel="noreferrer" target="_blank">https://www.opensips.org/Training/Bootcamp</a><br>
>><br>
>> On 2/22/22 12:31 PM, Mark Farmer wrote:<br>
>><br>
>> Hi Bogdan<br>
>><br>
>> The GW's have 2 CNAME records which I have no control
over. DR has entries like <a href="http://subdomain.example.com:5061" rel="noreferrer" target="_blank">subdomain.example.com:5061</a><br>
>> I suspect the issue arises when the CNAMES swap
around resulting in a mismatch.<br>
>><br>
>> Currently I am using this to identify the source of
the message which is probably not the best in terms of
security.<br>
>><br>
>> $avp(fd) = "<a href="http://subdomain.example.com" rel="noreferrer" target="_blank">subdomain.example.com</a>";<br>
>> if($(ct.fields(uri){s.index, $avp(fd)}) != NULL)<br>
>><br>
>> Perhaps there is a better way?<br>
>><br>
>> Best regards<br>
>> Mark.<br>
>><br>
>><br>
>><br>
>> On Tue, 22 Feb 2022 at 08:56, Bogdan-Andrei Iancu
&lt;<a href="mailto:bogdan@opensips.org" target="_blank">bogdan@opensips.org</a>&gt;
wrote:<br>
>>><br>
>>> Hi Mark,<br>
>>><br>
>>> If a gw is defined via FQDN, that will be DNS
resolved (NAPTR, SRV, A records) when DB data is (re)loaded by
DR module, and used later for such checks. All found IPs (from
DNS) will be stored on the GW.<br>
>>><br>
>>> How do you specify the GW address in DB and what
kind of DNS records do you have for it ?<br>
>>><br>
>>> Best regards,<br>
>>><br>
>>> Bogdan-Andrei Iancu<br>
>>><br>
>>> OpenSIPS Founder and Developer<br>
>>> <a href="https://www.opensips-solutions.com" rel="noreferrer" target="_blank">https://www.opensips-solutions.com</a><br>
>>> OpenSIPS eBootcamp<br>
>>> <a href="https://www.opensips.org/Training/Bootcamp" rel="noreferrer" target="_blank">https://www.opensips.org/Training/Bootcamp</a><br>
>>><br>
>>> On 2/18/22 6:04 PM, Mark Farmer wrote:<br>
>>><br>
>>> Hi everyone<br>
>>><br>
>>> I am using is_from_gw() to match against a group
of gateways specified by DNS names which resolve to multiple
IP addresses but it seems to be failing to match.<br>
>>><br>
>>> Is this supported functionality or do I need to
do something else in this case?<br>
>>><br>
>>> Thanks and regards<br>
>>> Mark.<br>
>>><br>
>>><br>
>>> _______________________________________________<br>
>>> Users mailing list<br>
>>> <a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
>>> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
>>><br>
>>><br>
>><br>
>><br>
>> --<br>
>> Mark Farmer<br>
>> <a href="mailto:farmorg@gmail.com" target="_blank">farmorg@gmail.com</a><br>
>><br>
>><br>
><br>
><br>
> --<br>
> Mark Farmer<br>
> <a href="mailto:farmorg@gmail.com" target="_blank">farmorg@gmail.com</a><br>
<br>
<br>
<br>
-- <br>
VoIP Embedded, Inc.<br>
<a href="http://www.voipembedded.com" rel="noreferrer" target="_blank">http://www.voipembedded.com</a><br>
<br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">Mark Farmer<br>
<a href="mailto:farmorg@gmail.com" target="_blank">farmorg@gmail.com</a></div>
<br>
</blockquote>
</div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Mark Farmer<br><a href="mailto:farmorg@gmail.com" target="_blank">farmorg@gmail.com</a></div>
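<p>Added example (not part of the thread, and not OpenSIPS code): the Contact-header substring test quoted above set beside a match on the TLS peer certificate CN, written in Python. The function names and the sample Contact and CN values are constructed for illustration; the empty-CN case stands for the unpopulated $tls_peer_subject_cn described for wolfssl session tickets.</p>

```python
# Added illustration; function names and sample values are constructed.

def contact_contains(contact_uri: str, needle: str) -> bool:
    """Same logic as `{s.index, needle} != NULL`: a plain substring search."""
    return needle in contact_uri


def cn_matches(peer_cn, expected_host: str) -> bool:
    """Compare the certificate CN with the expected host name.

    Exact match, case-insensitive. A CN of the form '*.domain' covers exactly
    one extra left-hand label. An empty or missing CN never matches.
    """
    if not peer_cn:
        return False
    cn = peer_cn.lower().rstrip(".")
    host = expected_host.lower().rstrip(".")
    if cn.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == cn[2:]
    return cn == host


def identify_peer(peer_cn, expected_host: str) -> str:
    """Three-way result so a missing CN is handled explicitly, not as a match."""
    if cn_matches(peer_cn, expected_host):
        return "trusted"
    if not peer_cn:
        return "unknown"   # CN variable empty: use another check, e.g. source IP
    return "rejected"


if __name__ == "__main__":
    needle = "subdomain.example.com"
    # The header is supplied by the sender, and the test is a substring search,
    # so both constructed Contact values below pass it.
    for contact in ("sip:gw@subdomain.example.com:5061",
                    "sip:gw@subdomain.example.com.other.test:5061"):
        print(contact, "->", contact_contains(contact, needle))
    # The CN comes from the certificate validated during the TLS handshake.
    for cn in ("sip.pstnhub.microsoft.com", "*.pstnhub.microsoft.com",
               "", "other.test"):
        print(repr(cn), "->", identify_peer(cn, "sip.pstnhub.microsoft.com"))
```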