The issue seems to be the client implementation not providing server name 
indication.

The way it works is by first finding a server profile by matching the IP and port 
(which is not actually used at that moment) and registering a callback for SNI, 
which is executed and searches for a profile matching the server_name. However, 
there is no SNI from the client, based on the last log message below:

```
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<172.16.30.205:5061> (dom 0x7fc8bcce7fd8 ctx 0x7fc8bcf945b0 sn [first.my-domain.com])
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_domain.c:724]: sr_ssl_ctx_info_callback(): SSL handshake started
Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_domain.c:927]: tls_server_name_cb(): SSL_get_servername returned NULL: return SSL_TLSEXT_ERR_NOACK
```
So, SSL_get_servername() didn't return a server name from the SSL context, 
meaning that the client didn't provide any.

Can you try with s_client from openssl, something like:

```
openssl s_client -servername myservername.com -tlsextdebug -connect mykamailio.ip:5061
```
and watch the logs to see what is printed there?

-- 
https://github.com/kamailio/kamailio/issues/1574#issuecomment-400056680