有一个现成的例子:
https://www.mail-archive.com/sr-users@lists.kamailio.org/msg10757.html
tls.cfg内容为:
[client:10.211.160.172:5061]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key = /root/mahesh_openssl/profile2/btip_172_server_private.key
certificate = /root/mahesh_openssl/profile2/btip_172_server_public.crt
ca_list = /root/mahesh_openssl/profile2/btip_ca_public.crt
cipher_list = RSA
verify_depth = 9
server_name = btip.176.com
server_id = btip.176.com
[client:default]
verify_certificate = no
require_certificate = no
server_name = mahesh.client.com
kamailio的listen tls10.211.160.172:5061
kamailio作为tls的客户端现在要向10.211.160.176:5061发消息,代码如下:
...
modparam("tls", "xavp_cfg", "tls")
...
$xavp(tls=>server_name)="btip.176.com";
$xavp(tls[0]=>server_id)="btip.176.com";
# 通过server_name和server_id匹配到tls的profile
$du = "sip:10.211.160.176:5061;transport=tls";
t_relay();