[SR-Users] STIR/SHAKEN tests

Daniel-Constantin Mierla miconda at gmail.com
Fri May 28 13:05:09 CEST 2021 

I will try to reproduce when I get the first chance these days, maybe I
broke something while I worked to propagate different return codes for
error cases.

One more question for now: are you using the latest libsecsipid, build
from the master/main branch of the secsipidx project?

Cheers,
Daniel

On 28.05.21 10:27, David Villasmil wrote:
> Correct.
> That’s a log with debug 3, absolutely nothing is coming out. :(
>
>
>
> On Thu, 27 May 2021 at 20:54, Daniel-Constantin Mierla
> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>
>     Same logs like with before with previous certificate? Can you
>     attach log messages with debug=3?
>
>     Cheers,
>     Daniel
>
>     On 27.05.21 20:13, David Villasmil wrote:
>>     Yep i just tried that :)
>>
>>     I don't get an error on the CLI:
>>
>>     # secsipidx -sign-full -orig-tn 493044448888 -dest-tn
>>     493055559999 -attest A -x5u http://asipto.lab/stir/cert.pem
>>     <http://asipto.lab/stir/cert.pem> -k ec256-private.pem
>>     eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ.64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6PMrcA;info=<http://asipto.lab/stir/cert.pem
>>     <http://asipto.lab/stir/cert.pem>>;alg=ES256;ppt=shaken
>>
>>     But still failing in kamailio...
>>
>>     Regards,
>>
>>     David Villasmil
>>     email: david.villasmil.work at gmail.com
>>     <mailto:david.villasmil.work at gmail.com>
>>     phone: +34669448337
>>
>>
>>     On Thu, May 27, 2021 at 7:09 PM Daniel-Constantin Mierla
>>     <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>>
>>         Hello,
>>
>>         On 27.05.21 19:58, David Villasmil wrote:
>>>         Hello guys,
>>>
>>>         I want to test secsipid, but i don't yet have the
>>>         certificate. So i thought i'd create a cert like:
>>>
>>>         openssl req -new -newkey rsa:4096 -nodes -keyout
>>>         snakeoil.key -out snakeoil.csr
>>>         openssl x509 -req -sha256 -days 365 -in snakeoil.csr
>>>         -signkey snakeoil.key -out snakeoil.pem
>>>
>>>         Then i'm simply doing:
>>>
>>>         $var(rc) = secsipid_add_identity("$fU", "$rU", "A", "",
>>>         "https://somedomain.com/stir/$rd/cert.pem
>>>         <https://kamailio.org/stir/$rd/cert.pem>",
>>>         "/etc/kamailio/snakeoil.pem");
>>>         if ( $var(rc) ) {
>>>             xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication
>>>         added (SIP Identity Header created)\n");
>>>         } else {
>>>             xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n");
>>>         }
>>>
>>>         But no matter what i do it silently fails:
>>>
>>>         INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d} <script>:
>>>         [STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d] Failed
>>>
>>>         I have debug on 6, but i don't get more info regarding the
>>>         error.
>>>
>>>         Any ideas?
>>
>>         based on the specs, it should not be the usual ssl/tls
>>         certificate, try to generate them using the guidelines at:
>>
>>           * https://github.com/asipto/secsipidx#keys-generation
>>         <https://github.com/asipto/secsipidx#keys-generation>
>>
>>         Cheers,
>>         Daniel
>>
>>         -- 
>>         Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com>
>>         www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>>         Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
>>           * https://www.asipto.com/sw/kamailio-advanced-training-online/ <https://www.asipto.com/sw/kamailio-advanced-training-online/>
>>
>     -- 
>     Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com>
>     www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>     Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
>       * https://www.asipto.com/sw/kamailio-advanced-training-online/ <https://www.asipto.com/sw/kamailio-advanced-training-online/>
>
> -- 
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> <mailto:david.villasmil.work at gmail.com>
> phone: +34669448337

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
  * https://www.asipto.com/sw/kamailio-advanced-training-online/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210528/1014b021/attachment.htm>

More information about the sr-users mailing list