Thanks a lot for advice Daniel.

I tried secsipid and it's working fine. But I didn't find some functionality that the stirshaken module has:

modparam("stirshaken", "vs_verify_x509_cert_path", 1)
modparam("stirshaken", "vs_ca_dir", "/etc/kamailio/stir_CA")
modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")

Does secsipid have verifying of x509 cert path using CA  ? Also does it have the possibility to check cert in CRL ?

Thank you





On Tue, 4 Apr 2023 at 08:48, Daniel-Constantin Mierla <miconda@gmail.com> wrote:
Hello,

I cannot help with stirshaken module, not being involved in its
development, but I could suggest to try the secsipid module, which I
wrote and I can fix bugs if any is reported. secsipid offers stir/shaken
functionality as well.

Cheers,
Daniel

On 03.04.23 18:31, Yuriy Nasida wrote:
> Hello,
>
> It's kamailio 5.6.4.
>
> I can say that there is no segfault in case Identity is OK but bad
> attempts sometimes are the reason for segfault. Not sure I can
> duplicate but it happens several times per day.
>
> Please look at logs.
>
> in messages:
> Apr  3 09:40:02 kam1 kernel: [6381565.762987] kamailio[9141]: segfault
> at 746c75616665 ip 00007f20c4cab6df sp 00007ffe7ec51470 error 4 in
> libcrypto.so.1.1[7f20c4c3b000+19e000]
>
> kamailio.log:
> Apr  3 09:40:02 kam1 kamailio[9141]: NOTICE: <script>: it is INVITE
> with Identity. Lets check Identity
> Apr  3 09:40:02 kam1 kamailio[9141]: CRITICAL: <core>
> [core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer
> 0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c:
> ser_free(323) - ignoring
> Apr  3 09:40:02 kam1 kamailio[9182]: CRITICAL: <core>
> [core/pass_fd.c:277]: receive_fd(): EOF on 53
> Apr  3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:774]:
> handle_sigs(): child process 9141 exited by a signal 11
> Apr  3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:777]:
> handle_sigs(): core was not generated
> Apr  3 09:40:02 kam1 kamailio[9100]: CRITICAL: <core>
> [core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer
> 0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c:
> ser_free(323) - ignoring
>
>
> loadmodule "stirshaken.so"
>
> ####### STIRSHAKEN ######
> modparam("stirshaken", "vs_verify_x509_cert_path", 1)
> modparam("stirshaken", "vs_ca_dir", "/etc/kamailio/stir_CA")
> #modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")
> modparam("stirshaken", "as_default_key",
> "/etc/kamailio/key/private_key.pem")
> modparam("stirshaken", "vs_cache_certificates", 1)
> modparam("stirshaken", "vs_cache_dir", "/tmp/cert_cache")
> modparam("stirshaken", "vs_cache_expire_s", 100)
>
>
>        if (is_method("INVITE") && is_present_hf("Identity")) {
>                xlog("L_NOTICE", "it is INVITE with Identity. Lets
> check Identity\n");
>                if (1 == stirshaken_check_identity()) {
>                       xlog("L_NOTICE", "Shaken Identity is OK\n");
>                } else {
>                        xlog("L_NOTICE", "Shaken Identity is invalid\n");
>                }
>        }
>
>
> Please give me some advice.
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-leave@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to the sender!
> Edit mailing list options or unsubscribe:

--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - June 5-7, 2023 - www.kamailioworld.com