Thanks for the direction! I knew it wasn't related to Kamailio, but I wasn't too sure where to ask for guidance as it seems the libstirshaken library hasn't been updated in a bit. I'll go ahead and try the secsipid module since I'm unable to find and replace all the deprecated functions for libstirshaken/openssl 3.0.

Thanks again! Temi

Not sure if something changed but I was able to compile using this guide a few weeks ago. I'm no expert in these things but it worked recently. Maybe this could help you.

https://www.martinisecurity.com/guides/Deploying%20STIR%20SHAKEN%20with%20Ka...

There was one small hiccup where I had to add a link on one section. It wanted lib but when I compiled Kamailio 5.8 it was a lib64 folder.

On Wed, May 29, 2024, 3:42 PM David Villasmil via sr-users < sr-users@lists.kamailio.org> wrote:

Secsipid works flawlessly, been in production for 3 years already

Regards,

David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337

On Wed, 29 May 2024 at 20:44, tfayomi--- via sr-users < sr-users@lists.kamailio.org> wrote:

...

Thanks for the direction! I knew it wasn't related to Kamailio, but I wasn't too sure where to ask for guidance as it seems the libstirshaken library hasn't been updated in a bit. I'll go ahead and try the secsipid module since I'm unable to find and replace all the deprecated functions for libstirshaken/openssl 3.0.

Thanks again! Temi __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

---

Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

I'd recommend libsecsipid over stirshaken. It's more flexible (stirshaken only allows for SHAKEN passports), and from an STI-AS standpoint, it can only append the Identity header to the request, so if you're implementing signing as a redirect server you have to then do a little extra work to extract it. It also seems to get less development attention. If you're running Debian on x86, libsecsipid can be entirely installed from packages as well.

Regards, Kaufman

-----Original Message----- From: Daniel-Constantin Mierla via sr-users sr-users@lists.kamailio.org Sent: Wednesday, May 29, 2024 12:52 AM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: tfayomi@untangledtechnology.com; Daniel-Constantin Mierla miconda@gmail.com Subject: [SR-Users] Re: libstirshaken installation issues

CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hello,

this looks like related only to the libstirshaken project, nothing to do with Kamailio module. Apparently is about deprecated functions treated as errors, but you have to address the issue to the libstirshaken project.

Alternatively, in Kamailio you can use secsipid module, which also offers STIR/SHAKEN functionality.

Cheers, Daniel

On 28.05.24 23:20, tfayomi--- via sr-users wrote:

Hi All,

I am attempting to install the stirshaken module for kamailio and I ran into a couple issues installing the open source c library for libstirshaken. When I use the make command, I'm getting this error:

src/stir_shaken.c: In function 'stir_shaken_is_key_trusted': src/stir_shaken.c:726:9: error: 'EVP_PKEY_cmp' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] 726 | if (!EVP_PKEY_cmp(pkey, candidate_pkey)) { | ^~ In file included from /usr/include/openssl/x509.h:29, from /usr/include/openssl/ssl.h:31, from /usr/include/libks2/libks/ks_ssl.h:25, from /usr/include/libks2/libks/ks.h:80, from include/stir_shaken.h:15, from src/stir_shaken.c:1: /usr/include/openssl/evp.h:1418:5: note: declared here 1418 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); | ^~~~~~~~~~~~ At top level: cc1: note: unrecognized command-line option '-Wno-gnu-zero-variadic-macro-arguments' may have been intended to silence earlier diagnostics cc1: all warnings being treated as errors make: *** [Makefile:1337: src/stir_shaken.lo] Error 1

I tried going into the stir_shaken file and changing EVP_PKEY_cmp to EVP_PKEY_eq, but it just brings up more deprecation errors. I also tried rolling back the openssl version on my machine to openssl version 1.1 and changing EVP_PKEY_eq back to EVP_PKEY_cmp, but the same error persists. Is there any way to resolve this error, or is there another library that can be used to get the stirshaken module for kamailio?

Thanks in advance, Temi __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

-- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com

__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: