From miconda@gmail.com Fri May 28 13:05:17 2021 From: Daniel-Constantin Mierla To: sr-users@lists.kamailio.org Subject: Re: [SR-Users] STIR/SHAKEN tests Date: Fri, 28 May 2021 13:05:09 +0200 Message-ID: <0e5b41d6-28db-7cbd-08c9-c9b89ccc4ae4@gmail.com> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0303480347==" --===============0303480347== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I will try to reproduce when I get the first chance these days, maybe I broke something while I worked to propagate different return codes for error cases. One more question for now: are you using the latest libsecsipid, build from the master/main branch of the secsipidx project? Cheers, Daniel On 28.05.21 10:27, David Villasmil wrote: > Correct. > That=E2=80=99s a log with debug 3, absolutely nothing is coming out. :( > > > > On Thu, 27 May 2021 at 20:54, Daniel-Constantin Mierla > > wrote: > > Same logs like with before with previous certificate? Can you > attach log messages with debug=3D3? > > Cheers, > Daniel > > On 27.05.21 20:13, David Villasmil wrote: >> Yep i just tried that :) >> >> I don't get an error on the CLI: >> >> # secsipidx -sign-full -orig-tn 493044448888 -dest-tn >> 493055559999 -attest A -x5u http://asipto.lab/stir/cert.pem >> -k ec256-private.pem >> eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1Ij= oiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6ey= J0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA= 0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjci= fQ.64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HF= hJIKyK6PMrcA;info=3D> >;alg=3DES256;ppt=3Dshaken >> >> But still failing in kamailio... >> >> Regards, >> >> David Villasmil >> email: david.villasmil.work(a)gmail.com >> >> phone: +34669448337 >> >> >> On Thu, May 27, 2021 at 7:09 PM Daniel-Constantin Mierla >> > wrote: >> >> Hello, >> >> On 27.05.21 19:58, David Villasmil wrote: >>> Hello guys, >>> >>> I want to test secsipid, but i don't yet have the >>> certificate. So i thought i'd create a cert like: >>> >>> openssl req -new -newkey rsa:4096 -nodes -keyout >>> snakeoil.key -out snakeoil.csr >>> openssl x509 -req -sha256 -days 365 -in snakeoil.csr >>> -signkey snakeoil.key -out snakeoil.pem >>> >>> Then i'm simply doing: >>> >>> $var(rc) =3D secsipid_add_identity("$fU", "$rU", "A", "", >>> "https://somedomain.com/stir/$rd/cert.pem >>> ", >>> "/etc/kamailio/snakeoil.pem"); >>> if ( $var(rc) ) { >>> =C2=A0 =C2=A0 xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentica= tion >>> added (SIP Identity Header created)\n"); >>> } else { >>> =C2=A0 =C2=A0 xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n"); >>> } >>> >>> But no matter what i do it silently fails: >>> >>> INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d}