From david.villasmil.work@gmail.com Thu May 27 20:13:17 2021 From: David Villasmil To: sr-users@lists.kamailio.org Subject: Re: [SR-Users] STIR/SHAKEN tests Date: Thu, 27 May 2021 19:13:03 +0100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0809283222==" --===============0809283222== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Yep i just tried that :) I don't get an error on the CLI: # secsipidx -sign-full -orig-tn 493044448888 -dest-tn 493055559999 -attest A -x5u http://asipto.lab/stir/cert.pem -k ec256-private.pem eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0c= DovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6W= yI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0OD= g4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ.64Z_= uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6= PMrcA;info=3D< http://asipto.lab/stir/cert.pem>;alg=3DES256;ppt=3Dshaken But still failing in kamailio... Regards, David Villasmil email: david.villasmil.work(a)gmail.com phone: +34669448337 On Thu, May 27, 2021 at 7:09 PM Daniel-Constantin Mierla wrote: > Hello, > On 27.05.21 19:58, David Villasmil wrote: > > Hello guys, > > I want to test secsipid, but i don't yet have the certificate. So i > thought i'd create a cert like: > > openssl req -new -newkey rsa:4096 -nodes -keyout snakeoil.key -out > snakeoil.csr > openssl x509 -req -sha256 -days 365 -in snakeoil.csr -signkey snakeoil.key > -out snakeoil.pem > > Then i'm simply doing: > > $var(rc) =3D secsipid_add_identity("$fU", "$rU", "A", "", " > https://somedomain.com/stir/$rd/cert.pem > ", "/etc/kamailio/snakeoil.pem"); > if ( $var(rc) ) { > xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication added (SIP > Identity Header created)\n"); > } else { > xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n"); > } > > But no matter what i do it silently fails: > > INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d}