For the original, see:
https://github.com/kamailio/kamailio/issues/1574
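To be honest, I did not understand it at first.
But after studying it repeatedly, I finally understand it now.
The contents of tls.cfg are as follows: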
[server:default]
method = TLSv1.2
method = SSLv23
require_certificate = yes
verify_certificate = yes
private_key = /var/kamailio/certificates/default/server/key.pem
certificate = /var/kamailio/certificates/default/server/cert.pem
ca_list = /var/kamailio/certificates/default/CA/cert.pem
[server:172.16.30.205:5061]
method = SSLv23
require_certificate = yes
verify_certificate = yes
private_key = /var/kamailio/certificates/first.my-domain.com/server/key.pem
certificate = /var/kamailio/certificates/first.my-domain.com/server/cert.pem
ca_list = /var/kamailio/certificates/first.my-domain.com/CA/cert.pem
server_name = "first.my-domain.com"
[server:172.16.30.205:5061]
method = SSLv23
require_certificate = yes
verify_certificate = yes
private_key = /var/kamailio/certificates/second.my-domain.com/server/key.pem
certificate = /var/kamailio/certificates/second.my-domain.com/server/cert.pem
ca_list = /var/kamailio/certificates/second.my-domain.com/CA/cert.pem
server_name = "second.my-domain.com"
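There are three profiles here.
The first one can be ignored (it is the default profile, used after matching against the other profiles has failed).
The second and third bind to the same address and port (172.16.30.205:5061), but use different certificates and different server_name values.
The original poster has two SIP UAs: the first is deployed with the certificate for first.my-domain.com, and the second with the certificate for second.my-domain.com.
But this cannot work at all, because a SIP UA cannot supply the SNI (server_name) at the protocol level.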