Re: [sr-dev] [kamailio/kamailio] stirshaken: Properly handle intermediary/chain certificates when caching certificates (PR #3289)

13 Dec 2022

Hi @piotrgregor 

The whole reason I started digging into this is precisely because I was seeing this in
Kamailio logs

ERROR: stirshaken [stirshaken_mod.c:488]: ki_stirshaken_check_identity(): SIP Identity
Header did not pass verification
ERROR: stirshaken [stirshaken_mod.c:560]: ki_stirshaken_check_identity(): identity check:
fail

Upon investigation I determined this happened any time a certificate was cached that
relied on a chain.  The first call will succeed but any subsequent calls fail until the
cached certificate expires or is manually deleted.  Then the next call will validate ok,
but subsequent calls fail.

This happens today with 5.6.2 on my unpatched machine.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3289#issuecomment-1347596878
You are receiving this because you are subscribed to this thread.

Message ID: &lt;kamailio/kamailio/pull/3289/c1347596878(a)github.com&gt;

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [sr-dev] [kamailio/kamailio] stirshaken: Properly handle intermediary/chain certificates when caching certificates (PR #3289)