[sr-dev] [kamailio/kamailio] stirshaken: Properly handle intermediary/chain certificates when caching certificates (PR #3289)
mrtrev
notifications at github.com
Tue Dec 13 02:02:56 CET 2022
Hi @piotrgregor
The whole reason I started digging into this is precisely because I was seeing this in Kamailio logs
ERROR: stirshaken [stirshaken_mod.c:488]: ki_stirshaken_check_identity(): SIP Identity Header did not pass verification
ERROR: stirshaken [stirshaken_mod.c:560]: ki_stirshaken_check_identity(): identity check: fail
Upon investigation I determined this happened any time a certificate was cached that relied on a chain. The first call will succeed but any subsequent calls fail until the cached certificate expires or is manually deleted. Then the next call will validate ok, but subsequent calls fail.
This happens today with 5.6.2 on my unpatched machine.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3289#issuecomment-1347596878
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/3289/c1347596878 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20221212/bd538f94/attachment.htm>
More information about the sr-dev
mailing list