28 May
2024
28 May
'24
11:20 p.m.
Hi All,
I am attempting to install the stirshaken module for kamailio and I ran into a couple
issues installing the open source c library for libstirshaken. When I use the make
command, I'm getting this error:
src/stir_shaken.c: In function 'stir_shaken_is_key_trusted':
src/stir_shaken.c:726:9: error: 'EVP_PKEY_cmp' is deprecated: Since OpenSSL 3.0
[-Werror=deprecated-declarations]
726 | if (!EVP_PKEY_cmp(pkey, candidate_pkey)) {
| ^~
In file included from /usr/include/openssl/x509.h:29,
from /usr/include/openssl/ssl.h:31,
from /usr/include/libks2/libks/ks_ssl.h:25,
from /usr/include/libks2/libks/ks.h:80,
from include/stir_shaken.h:15,
from src/stir_shaken.c:1:
/usr/include/openssl/evp.h:1418:5: note: declared here
1418 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
| ^~~~~~~~~~~~
At top level:
cc1: note: unrecognized command-line option
'-Wno-gnu-zero-variadic-macro-arguments' may have been intended to silence earlier
diagnostics
cc1: all warnings being treated as errors
make: *** [Makefile:1337: src/stir_shaken.lo] Error 1
I tried going into the stir_shaken file and changing EVP_PKEY_cmp to EVP_PKEY_eq, but it
just brings up more deprecation errors. I also tried rolling back the openssl version on
my machine to openssl version 1.1 and changing EVP_PKEY_eq back to EVP_PKEY_cmp, but the
same error persists. Is there any way to resolve this error, or is there another library
that can be used to get the stirshaken module for kamailio?
Thanks in advance,
Temi
29 May
29 May
7:52 a.m.
Hello,
this looks like related only to the libstirshaken project, nothing to do
with Kamailio module. Apparently is about deprecated functions treated
as errors, but you have to address the issue to the libstirshaken project.
Alternatively, in Kamailio you can use secsipid module, which also
offers STIR/SHAKEN functionality.
Cheers,
Daniel
On 28.05.24 23:20, tfayomi--- via sr-users wrote:
Hi All,
I am attempting to install the stirshaken module for kamailio and I ran into a couple
issues installing the open source c library for libstirshaken. When I use the make
command, I'm getting this error:
src/stir_shaken.c: In function 'stir_shaken_is_key_trusted':
src/stir_shaken.c:726:9: error: 'EVP_PKEY_cmp' is deprecated: Since OpenSSL 3.0
[-Werror=deprecated-declarations]
726 | if (!EVP_PKEY_cmp(pkey, candidate_pkey)) {
| ^~
In file included from /usr/include/openssl/x509.h:29,
from /usr/include/openssl/ssl.h:31,
from /usr/include/libks2/libks/ks_ssl.h:25,
from /usr/include/libks2/libks/ks.h:80,
from include/stir_shaken.h:15,
from src/stir_shaken.c:1:
/usr/include/openssl/evp.h:1418:5: note: declared here
1418 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
| ^~~~~~~~~~~~
At top level:
cc1: note: unrecognized command-line option
'-Wno-gnu-zero-variadic-macro-arguments' may have been intended to silence earlier
diagnostics
cc1: all warnings being treated as errors
make: *** [Makefile:1337: src/stir_shaken.lo] Error 1
I tried going into the stir_shaken file and changing EVP_PKEY_cmp to EVP_PKEY_eq, but it
just brings up more deprecation errors. I also tried rolling back the openssl version on
my machine to openssl version 1.1 and changing EVP_PKEY_eq back to EVP_PKEY_cmp, but the
same error persists. Is there any way to resolve this error, or is there another library
that can be used to get the stirshaken module for kamailio?
Thanks in advance,
Temi
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
8:21 p.m.
Thanks for the direction! I knew it wasn't related to Kamailio, but I wasn't too
sure where to ask for guidance as it seems the libstirshaken library hasn't been
updated in a bit. I'll go ahead and try the secsipid module since I'm unable to
find and replace all the deprecated functions for libstirshaken/openssl 3.0.
Thanks again!
Temi
9:18 p.m.
Secsipid works flawlessly, been in production for 3 years already
Regards,
David Villasmil
email: david.villasmil.work(a)gmail.com
phone: +34669448337
On Wed, 29 May 2024 at 20:44, tfayomi--- via sr-users <
sr-users(a)lists.kamailio.org> wrote:
Thanks for the direction! I knew it wasn't related
to Kamailio, but I
wasn't too sure where to ask for guidance as it seems the libstirshaken
library hasn't been updated in a bit. I'll go ahead and try the secsipid
module since I'm unable to find and replace all the deprecated functions
for libstirshaken/openssl 3.0.
Thanks again!
Temi
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
9:56 p.m.
Not sure if something changed but I was able to compile using this guide a
few weeks ago. I'm no expert in these things but it worked recently. Maybe
this could help you.
https://www.martinisecurity.com/guides/Deploying%20STIR%20SHAKEN%20with%20K…
There was one small hiccup where I had to add a link on one section. It
wanted lib but when I compiled Kamailio 5.8 it was a lib64 folder.
On Wed, May 29, 2024, 3:42 PM David Villasmil via sr-users <
sr-users(a)lists.kamailio.org> wrote:
Secsipid works flawlessly, been in production for 3
years already
Regards,
David Villasmil
email: david.villasmil.work(a)gmail.com
phone: +34669448337
On Wed, 29 May 2024 at 20:44, tfayomi--- via sr-users <
sr-users(a)lists.kamailio.org> wrote:
Thanks for the direction! I knew it wasn't
related to Kamailio, but I
wasn't too sure where to ask for guidance as it seems the libstirshaken
library hasn't been updated in a bit. I'll go ahead and try the secsipid
module since I'm unable to find and replace all the deprecated functions
for libstirshaken/openssl 3.0.
Thanks again!
Temi
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
29 May
29 May
8:32 p.m.
I'd recommend libsecsipid over stirshaken. It's more flexible (stirshaken only
allows for SHAKEN passports), and from an STI-AS standpoint, it can only append the
Identity header to the request, so if you're implementing signing as a redirect server
you have to then do a little extra work to extract it. It also seems to get less
development attention. If you're running Debian on x86, libsecsipid can be entirely
installed from packages as well.
Regards,
Kaufman
-----Original Message-----
From: Daniel-Constantin Mierla via sr-users <sr-users(a)lists.kamailio.org>
Sent: Wednesday, May 29, 2024 12:52 AM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: tfayomi(a)untangledtechnology.com; Daniel-Constantin Mierla <miconda(a)gmail.com>
Subject: [SR-Users] Re: libstirshaken installation issues
CAUTION: This email originated from outside the organization. Do not click links or open
attachments unless you recognize the sender and know the content is safe.
Hello,
this looks like related only to the libstirshaken project, nothing to do with Kamailio
module. Apparently is about deprecated functions treated as errors, but you have to
address the issue to the libstirshaken project.
Alternatively, in Kamailio you can use secsipid module, which also offers STIR/SHAKEN
functionality.
Cheers,
Daniel
On 28.05.24 23:20, tfayomi--- via sr-users wrote:
Hi All,
I am attempting to install the stirshaken module for kamailio and I ran into a couple
issues installing the open source c library for libstirshaken. When I use the make
command, I'm getting this error:
src/stir_shaken.c: In function 'stir_shaken_is_key_trusted':
src/stir_shaken.c:726:9: error: 'EVP_PKEY_cmp' is deprecated: Since OpenSSL 3.0
[-Werror=deprecated-declarations]
726 | if (!EVP_PKEY_cmp(pkey, candidate_pkey)) {
| ^~
In file included from /usr/include/openssl/x509.h:29,
from /usr/include/openssl/ssl.h:31,
from /usr/include/libks2/libks/ks_ssl.h:25,
from /usr/include/libks2/libks/ks.h:80,
from include/stir_shaken.h:15,
from src/stir_shaken.c:1:
/usr/include/openssl/evp.h:1418:5: note: declared here
1418 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
| ^~~~~~~~~~~~
At top level:
cc1: note: unrecognized command-line option
'-Wno-gnu-zero-variadic-macro-arguments' may have been intended to
silence earlier diagnostics
cc1: all warnings being treated as errors
make: *** [Makefile:1337: src/stir_shaken.lo] Error 1
I tried going into the stir_shaken file and changing EVP_PKEY_cmp to EVP_PKEY_eq, but it
just brings up more deprecation errors. I also tried rolling back the openssl version on
my machine to openssl version 1.1 and changing EVP_PKEY_eq back to EVP_PKEY_cmp, but the
same error persists. Is there any way to resolve this error, or is there another library
that can be used to get the stirshaken module for kamailio?
Thanks in advance,
Temi
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions To
unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and
Development Services -- asipto.com
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to
sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
30 May
30 May
8:07 p.m.
I ended up going with secsipid and it installed pretty painlessly. Thanks again for all
your help everyone, I was able to get the module loaded.
Best,
Temi
157
days inactive
159
days old
7 comments
6 participants
participants (6)
-
Alex Balashov -
Ben Kaufman -
Blake Ivey -
Daniel-Constantin Mierla -
David Villasmil -
tfayomi@untangledtechnology.com