Daniel,
Ok, I downloaded and installed 1.11.6 just like yours and recompiled, etc. I also changed the owner of the pem file, which was owned by root, and not by the user kamailio.
Now it's working.
d9655} <script>: [STIR/SHAKEN][157428d2-3cc7-123a-eaad-122eaa5d9655] secsipid_add_identity('493044448888', '493055559999', 'A', '', 'http://asipto.lab/stir/cert.pem', '/etc/kamailio/ec256-private.pem')
May 31 15:24:08 ip-10-231-32-237 /usr/local/kamailio5/sbin/kamailio[1920]: DEBUG: {1 36683532 INVITE 157428d2-3cc7-123a-eaad-122eaa5d9655} secsipid [secsipid_mod.c:333]: ki_secsipid_add_identity(): appending identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjQ3NDY0OCwib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiI0YWU3NGE3My01N2Q3LTQzZWMtYjMyOS00NDdiMDg4OWVkYmMifQ.AyxAeNFuthcpJld8osJBj9QVxBnwK91zeo0tEusXrMNNrG2aW8N9Az255qf3UlOIDtm1MmQI_y3-Gz6u57OCQA;info=<http://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken
But now I'm left wondering whether it was the ownership of the file or the version.
So I will install the latest again and see what happens.
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
On Mon, May 31, 2021 at 2:19 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Hello Daniel,
Thanks for looking into this:
# go version
go version go1.16.4 linux/amd64
# openssl version
OpenSSL 1.1.1d 10 Sep 2019
root@sip-stir1:/home/admin#
I can try getting the same go version and see what happens.
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
On Mon, May 31, 2021 at 2:15 PM Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello,
what are your operating system, golang and openssl versions?
I tried on Debian stable and I get the Identity header, see next:
OPTIONS sip:alice@127.0.0.1 SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1;branch=z9hG4bK8eba.da1d50fc272715b1f6dfcd665d319b32.0
Via: SIP/2.0/UDP 127.0.1.1:52897 ;received=127.0.0.1;branch=z9hG4bK.2d35a346;rport=56013;alias
From: sip:sipsak@127.0.1.1:52897;tag=219ec22d
To: sip:alice@127.0.0.1
Call-ID: 564052525@127.0.1.1
CSeq: 1 OPTIONS
Contact: sip:sipsak@127.0.1.1:52897
Content-Length: 0
Max-Forwards: 69
User-Agent: sipsak 0.9.7pre
Accept: text/plain
Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9hc2lwdG8ubGFiL3N0aXIvY2VydC5wZW0ifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjQ2NjUyNSwib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiJlOWI3Nzc1OC03ZmI3LTQ1ZWQtYWMwOS02MDlmOTM3NjFiOWQifQ.fnLenxEUk5qyKvY2xChbAPS-kvjiRmu8jKqEzlywFt0RnpDAK-ErUBjbR78aRjt66fJIFEdQ_dXvV-qRoxkWzA;info=<https://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken
The OPTIONS was generated with: sipsak -s sip:alice@127.0.0.1
In kamailio.cfg I have:
if(is_method("OPTIONS|INVITE")) {
    secsipid_add_identity("493044448888", "493055559999", "A", "",
        "https://asipto.lab/stir/cert.pem", "/tmp/ec256-private.pem");
}
Versions:
$ go version
go version go1.11.6 linux/amd64
$ openssl version
OpenSSL 1.1.1d 10 Sep 2019
Cheers,
Daniel
On 28.05.21 13:05, Daniel-Constantin Mierla wrote:
I will try to reproduce when I get the first chance these days, maybe I broke something while I worked to propagate different return codes for error cases.
One more question for now: are you using the latest libsecsipid, built from the master/main branch of the secsipidx project?
Cheers,
Daniel
On 28.05.21 10:27, David Villasmil wrote:
Correct. That’s a log with debug 3, absolutely nothing is coming out. :(
On Thu, 27 May 2021 at 20:54, Daniel-Constantin Mierla miconda@gmail.com wrote:
Same logs as before with the previous certificate? Can you attach log messages with debug=3?
Cheers,
Daniel
On 27.05.21 20:13, David Villasmil wrote:
Yep, I just tried that :)
I don't get an error on the CLI:
# secsipidx -sign-full -orig-tn 493044448888 -dest-tn 493055559999 -attest A -x5u http://asipto.lab/stir/cert.pem -k ec256-private.pem
eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ.64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6PMrcA;info=<http://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken
But still failing in kamailio...
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
On Thu, May 27, 2021 at 7:09 PM Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello,
On 27.05.21 19:58, David Villasmil wrote:
Hello guys,
I want to test secsipid, but I don't yet have the certificate. So I thought I'd create a cert like:
openssl req -new -newkey rsa:4096 -nodes -keyout snakeoil.key -out snakeoil.csr
openssl x509 -req -sha256 -days 365 -in snakeoil.csr -signkey snakeoil.key -out snakeoil.pem
Then I'm simply doing:
$var(rc) = secsipid_add_identity("$fU", "$rU", "A", "", " https://somedomain.com/stir/$rd/cert.pem https://kamailio.org/stir/$rd/cert.pem", "/etc/kamailio/snakeoil.pem");
if ( $var(rc) ) {
    xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication added (SIP Identity Header created)\n");
} else {
    xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n");
}
But no matter what I do it silently fails:
INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d} <script>: [STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d] Failed
I have debug on 6, but I don't get more info regarding the error.
Any ideas?
Based on the specs, it should not be the usual ssl/tls certificate, try to generate them using the guidelines at:
Cheers, Daniel
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
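Added example (not part of the original thread, and not Kamailio or secsipidx code): a small Python linter that decodes the Identity header value printed by the secsipidx CLI in the thread and checks the fields a STIR/SHAKEN verifier expects to find, without verifying the signature itself. The function names, the 60-second default freshness window and the `info=<...>` spelling of the parameter mangled by the archive are assumptions of this example.

```python
import base64, json, time

# PASSporT copied from the secsipidx CLI output quoted in the thread.
PASSPORT = ".".join([
    "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9",
    "eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ",
    "64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6PMrcA",
])
# Header parameters as appended after the token; info=<...> spelling is assumed.
IDENTITY = PASSPORT + ";info=<http://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken"

def b64url(seg):
    """Decode unpadded base64url, as used by JWS."""
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def parse_identity(value):
    """Return (JWT header, claims, raw signature, header parameters)."""
    # Simplification: assumes the info URI itself contains no ';'.
    token, *raw = [p.strip() for p in value.split(";")]
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("full-form PASSporT needs header.payload.signature")
    params = {k: v.strip('<>"') for k, v in (p.split("=", 1) for p in raw if "=" in p)}
    return json.loads(b64url(parts[0])), json.loads(b64url(parts[1])), b64url(parts[2]), params

def lint_identity(value, now=None, max_age=60):
    """List structural problems; an empty list means the header is well-formed."""
    hdr, claims, sig, params = parse_identity(value)
    now = time.time() if now is None else now
    problems = []
    if (hdr.get("alg"), hdr.get("typ"), hdr.get("ppt")) != ("ES256", "passport", "shaken"):
        problems.append("JWT header must be alg=ES256, typ=passport, ppt=shaken")
    if params.get("info") != hdr.get("x5u"):
        problems.append("info parameter does not match x5u")
    for key in ("alg", "ppt"):
        if key in params and params[key] != hdr.get(key):
            problems.append(key + " parameter disagrees with the JWT header")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("attest must be A, B or C")
    if not isinstance(claims.get("orig", {}).get("tn"), str) or not claims.get("dest", {}).get("tn"):
        problems.append("orig.tn or dest.tn missing")
    if not claims.get("origid"):
        problems.append("origid missing")
    if len(sig) != 64:  # ES256 in JWS is the raw 32-byte r followed by the 32-byte s
        problems.append("ES256 signature must be 64 bytes, got %d" % len(sig))
    if abs(now - claims.get("iat", 0)) > max_age:
        problems.append("iat outside freshness window")
    return problems
```

Run against a header captured from a live call, an empty result only says the header is structurally sound; the signature still has to be checked against the certificate at the `x5u` URL.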