There is a feature request for it: https://github.com/OpenSIPS/opensips/issues/2736
-ovidiu On Mon, Feb 28, 2022 at 3:51 AM Mark Farmer <farm...@gmail.com> wrote: > > Thanks Ovidiu, that is great information. > > I am using wolfssl as that seems to be the way to go these days. > I wonder given the rising popularity of Direct Routing if it would be > possible/sensible to have wolfsssl populate the $tls_peer_subject_cn variable > in the future? > > Mark. > > > > > > On Fri, 25 Feb 2022 at 17:32, Ovidiu Sas <o...@voipembedded.com> wrote: >> >> With MS, you can authenticate based on $tls_peer_subject_cn. This >> works ok with openssl but not with wolfssl. When wolfssl is using >> session tickets to establish new connections, the $tls_peer_subject_cn >> is not populated. >> Another alternative is to perform a lookup for each request received >> over a tls connection using the ip.resolve transformation and enable >> dbs_cache to help a little bit. It's messy but it works. >> >> -ovidiu >> >> On Fri, Feb 25, 2022 at 6:51 AM Mark Farmer <farm...@gmail.com> wrote: >> > >> > Thanks Bogdan >> > >> > It's no secret really, I was just speaking generically. >> > They are the MS Direct Routing domains, EG sip.pstnhub.microsoft.com >> > >> > Mark. >> > >> > >> > >> > On Tue, 22 Feb 2022 at 12:50, Bogdan-Andrei Iancu <bog...@opensips.org> >> > wrote: >> >> >> >> Hi Mark, >> >> >> >> You say the DNS is publishing only one IP for the domain, but one may >> >> change ? If you want, you can PM me the actual domain to see how the DNS >> >> records looks like. >> >> >> >> Regards, >> >> >> >> Bogdan-Andrei Iancu >> >> >> >> OpenSIPS Founder and Developer >> >> https://www.opensips-solutions.com >> >> OpenSIPS eBootcamp >> >> https://www.opensips.org/Training/Bootcamp >> >> >> >> On 2/22/22 12:31 PM, Mark Farmer wrote: >> >> >> >> Hi Bogdan >> >> >> >> The GW's have 2 CNAME records which I have no control over. DR has >> >> entries like subdomain.example.com:5061 >> >> I suspect the issue arises when the CNAMES swap around resulting in a >> >> mismatch. >> >> >> >> Currently I am using this to identify the source of the message which is >> >> probably not the best in terms of security. >> >> >> >> $avp(fd) = "subdomain.example.com"; >> >> if($(ct.fields(uri){s.index, $avp(fd)}) != NULL) >> >> >> >> Perhaps there is a better way? >> >> >> >> Best regards >> >> Mark. >> >> >> >> >> >> >> >> On Tue, 22 Feb 2022 at 08:56, Bogdan-Andrei Iancu <bog...@opensips.org> >> >> wrote: >> >>> >> >>> Hi Mark, >> >>> >> >>> If a gw is defined via FQDN, that will by DNS resolved (NAPTR, SRV, A >> >>> records) when DB data is (re)loaded by DR module, and used later for >> >>> such checks. All found IPs (from DNS) will be stored on the GW. >> >>> >> >>> How do you specify the GW address in DB and what kind of DNS records do >> >>> you have for it ? >> >>> >> >>> Best regards, >> >>> >> >>> Bogdan-Andrei Iancu >> >>> >> >>> OpenSIPS Founder and Developer >> >>> https://www.opensips-solutions.com >> >>> OpenSIPS eBootcamp >> >>> https://www.opensips.org/Training/Bootcamp >> >>> >> >>> On 2/18/22 6:04 PM, Mark Farmer wrote: >> >>> >> >>> Hi everyone >> >>> >> >>> I am using is_from_gw() to match against a group of gateways specified >> >>> by DNS names which resolve to multiple IP addresses but it seems to be >> >>> failing to match. >> >>> >> >>> Is this supported functionality or do I need to do something else in >> >>> this case? >> >>> >> >>> Thanks and regards >> >>> Mark. >> >>> >> >>> >> >>> _______________________________________________ >> >>> Users mailing list >> >>> Users@lists.opensips.org >> >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >>> >> >>> >> >> >> >> >> >> -- >> >> Mark Farmer >> >> farm...@gmail.com >> >> >> >> >> > >> > >> > -- >> > Mark Farmer >> > farm...@gmail.com >> > _______________________________________________ >> > Users mailing list >> > Users@lists.opensips.org >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> >> >> -- >> VoIP Embedded, Inc. >> http://www.voipembedded.com >> >> _______________________________________________ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > -- > Mark Farmer > farm...@gmail.com > _______________________________________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- VoIP Embedded, Inc. http://www.voipembedded.com _______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users