Thank you Alexey,

I will look into it.

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 2019
  https://www.opensips.org/events/Summit-2019Amsterdam/

On 03/28/2019 10:00 PM, Alexey Vasilyev wrote:
Hi Bogdan,

Sorry that I mentioned He-Who-Must-Not-Be-Named. Just to simplify search later: https://github.com/OpenSIPS/opensips/issues/1651


-----
Alexey Vasilyev
alexei.vasil...@gmail.com <mailto:alexei.vasil...@gmail.com>



On 28 Mar 2019, at 16:45, Bogdan-Andrei Iancu <bog...@opensips.org <mailto:bog...@opensips.org>> wrote:

Hi Alexey,

oh, if it is MS related, I don't wanna hear about it :P.....Just joking - please open a bug report on the tracker.

Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 2019
   https://www.opensips.org/events/Summit-2019Amsterdam/
On 03/28/2019 03:16 PM, Alexey Vasilyev wrote:
Hi Bogdan,

Yes, of course this is a real scenario. MS Teams integration. They authenticate everything by the TLS certificates used by the connection. It works fine for 1 integration. But if I send SIP with domain2 to the TLS connection encrypted with the certificate for domain1, I just fail. And actually everybody I checked reuses TLS sessions almost the same way as TCP. So OpenSIPS will be the first doing this the correct way.
And I like comments from tls_mgm.c
/* what if we have multiple connections to the same remote socket? e.g. we can have
connection 1: localIP1:localPort1 <--> remoteIP:remotePort
connection 2: localIP2:localPort2 <--> remoteIP:remotePort
but I think the is very unrealistic */
So I got exactly this scenario.


Thu, 28 Mar 2019 at 13:47, Bogdan-Andrei Iancu <bog...@opensips.org <mailto:bog...@opensips.org>>:

    Hi Alexey,

    It makes sense (logically speaking) to get the TLS domain involved in the
    TCP conn re-usage alg - but my question is: have you come across a real
    scenario with such a need ?

    Regards,

    Bogdan-Andrei Iancu

    OpenSIPS Founder and Developer
    https://www.opensips-solutions.com
    OpenSIPS Summit 2019
    https://www.opensips.org/events/Summit-2019Amsterdam/

    On 03/26/2019 02:23 PM, vasilevalex wrote:
    > Hi Bogdan,
    >
    > Thanks for fix!
    >
    > What do you think about reusing TLS connections? In master branch this
    > behavior is still the same. OpenSIPS reuses TLS connections the same way as
    > regular TCP connections, but it should not. For reusing a TCP connection we
    > check if a connection with the same dst IP:PORT exists. But for TLS it is not
    > enough. We additionally should check what certificate this connection uses
    > (or what domain it is related to).
    >
    > And in the documentation for the tls_mgm module it is written everywhere:
    > Note: If there is already an existing TLS connection to the remote target,
    > it will be reused and setting this AVP has no effect.
    >
    > This is the same case - we have only 1 destination target, but we should use
    > several TLS connections to this target with different TLS certificates. So
    > the first connection will be successful, but a SIP message for the second
    > domain which should use another certificate will try to reuse this first
    > connection, as the target is the same. And this message will fail.
    >
    >
    >
    > -----
    > ---
    > Alexey Vasilyev
    > --
    > Sent from: http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html
    >
    > _______________________________________________
    > Users mailing list
    > Users@lists.opensips.org <mailto:Users@lists.opensips.org>
    > http://lists.opensips.org/cgi-bin/mailman/listinfo/users



--
Best regards
Alexey Vasilyev
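
The reuse problem discussed in this thread, as an added C example that is not OpenSIPS code and not part of any message above: a toy connection pool whose lookup key is either remote IP:port only, or remote IP:port plus TLS domain. The struct and function names, the IP address and the port are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CONNS 8

/* Hypothetical connection record, not an OpenSIPS struct. */
struct conn {
    const char *ip;          /* remote IP */
    unsigned short port;     /* remote port */
    const char *tls_domain;  /* TLS domain (certificate) used at setup */
};
struct pool { struct conn c[MAX_CONNS]; int n; };

/* Find a reusable connection. domain == NULL gives the TCP-style match on
 * remote IP:port only; otherwise the TLS domain must match as well. */
struct conn *find_conn(struct pool *p, const char *ip, unsigned short port,
                       const char *domain)
{
    for (int i = 0; i < p->n; i++) {
        struct conn *c = &p->c[i];
        if (c->port == port && strcmp(c->ip, ip) == 0 &&
            (domain == NULL || strcmp(c->tls_domain, domain) == 0))
            return c;
    }
    return NULL;
}

/* Reuse a match or record a new connection; NULL when the pool is full. */
struct conn *get_conn(struct pool *p, const char *ip, unsigned short port,
                      const char *domain, int domain_aware)
{
    struct conn *c = find_conn(p, ip, port, domain_aware ? domain : NULL);
    if (c != NULL || p->n == MAX_CONNS)
        return c;
    c = &p->c[p->n++];
    *c = (struct conn){ ip, port, domain };
    return c;
}

int main(void)
{
    /* Constructed sample: two local TLS domains, one remote target. */
    for (int aware = 0; aware <= 1; aware++) {
        struct pool p = { .n = 0 };
        get_conn(&p, "198.51.100.10", 5061, "domain1", aware);
        struct conn *c = get_conn(&p, "198.51.100.10", 5061, "domain2", aware);
        printf("aware=%d: domain2 sent on %s connection, %d open\n", aware, c->tls_domain, p.n);
    }
}
```

With the address-only key the domain2 message lands on the connection opened with the domain1 certificate; with the domain in the key, a second connection to the same remote socket is opened instead.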


