Hello, what are your operating system, golang and openssl versions?
I tried on Debian stable and I get the Identity header, see next: OPTIONS sip:[email protected] SIP/2.0 Via: SIP/2.0/UDP 127.0.0.1;branch=z9hG4bK8eba.da1d50fc272715b1f6dfcd665d319b32.0 Via: SIP/2.0/UDP 127.0.1.1:52897;received=127.0.0.1;branch=z9hG4bK.2d35a346;rport=56013;alias From: sip:[email protected]:52897;tag=219ec22d To: sip:[email protected] Call-ID: [email protected] CSeq: 1 OPTIONS Contact: sip:[email protected]:52897 Content-Length: 0 Max-Forwards: 69 User-Agent: sipsak 0.9.7pre Accept: text/plain Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9hc2lwdG8ubGFiL3N0aXIvY2VydC5wZW0ifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjQ2NjUyNSwib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiJlOWI3Nzc1OC03ZmI3LTQ1ZWQtYWMwOS02MDlmOTM3NjFiOWQifQ.fnLenxEUk5qyKvY2xChbAPS-kvjiRmu8jKqEzlywFt0RnpDAK-ErUBjbR78aRjt66fJIFEdQ_dXvV-qRoxkWzA;info=<https://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken The OPTIONS was generated with: sipsak -s sip:[email protected] In kamaili.cfg I have: if(is_method("OPTIONS|INVITE")) { secsipid_add_identity("493044448888", "493055559999", "A", "", "https://asipto.lab/stir/cert.pem";, "/tmp/ec256-private.pem"); Versions: $ go version go version go1.11.6 linux/amd64 $ openssl version OpenSSL 1.1.1d 10 Sep 2019 Cheers, Daniel On 28.05.21 13:05, Daniel-Constantin Mierla wrote: > > I will try to reproduce when I get the first chance these days, maybe > I broke something while I worked to propagate different return codes > for error cases. > > One more question for now: are you using the latest libsecsipid, build > from the master/main branch of the secsipidx project? > > Cheers, > Daniel > > On 28.05.21 10:27, David Villasmil wrote: >> Correct. >> That’s a log with debug 3, absolutely nothing is coming out. :( >> >> >> >> On Thu, 27 May 2021 at 20:54, Daniel-Constantin Mierla >> <[email protected] <mailto:[email protected]>> wrote: >> >> Same logs like with before with previous certificate? Can you >> attach log messages with debug=3? >> >> Cheers, >> Daniel >> >> On 27.05.21 20:13, David Villasmil wrote: >>> Yep i just tried that :) >>> >>> I don't get an error on the CLI: >>> >>> # secsipidx -sign-full -orig-tn 493044448888 -dest-tn >>> 493055559999 -attest A -x5u http://asipto.lab/stir/cert.pem >>> <http://asipto.lab/stir/cert.pem> -k ec256-private.pem >>> >>> eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ.64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6PMrcA;info=<http://asipto.lab/stir/cert.pem >>> <http://asipto.lab/stir/cert.pem>>;alg=ES256;ppt=shaken >>> >>> But still failing in kamailio... >>> >>> Regards, >>> >>> David Villasmil >>> email: [email protected] >>> <mailto:[email protected]> >>> phone: +34669448337 >>> >>> >>> On Thu, May 27, 2021 at 7:09 PM Daniel-Constantin Mierla >>> <[email protected] <mailto:[email protected]>> wrote: >>> >>> Hello, >>> >>> On 27.05.21 19:58, David Villasmil wrote: >>>> Hello guys, >>>> >>>> I want to test secsipid, but i don't yet have the >>>> certificate. So i thought i'd create a cert like: >>>> >>>> openssl req -new -newkey rsa:4096 -nodes -keyout >>>> snakeoil.key -out snakeoil.csr >>>> openssl x509 -req -sha256 -days 365 -in snakeoil.csr >>>> -signkey snakeoil.key -out snakeoil.pem >>>> >>>> Then i'm simply doing: >>>> >>>> $var(rc) = secsipid_add_identity("$fU", "$rU", "A", "", >>>> "https://somedomain.com/stir/$rd/cert.pem >>>> <https://kamailio.org/stir/$rd/cert.pem>", >>>> "/etc/kamailio/snakeoil.pem"); >>>> if ( $var(rc) ) { >>>> xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication >>>> added (SIP Identity Header created)\n"); >>>> } else { >>>> xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n"); >>>> } >>>> >>>> But no matter what i do it silently fails: >>>> >>>> INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d} <script>: >>>> [STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d] Failed >>>> >>>> I have debug on 6, but i don't get more info regarding the >>>> error. >>>> >>>> Any ideas? >>> >>> based on the specs, it should not be the usual ssl/tls >>> certificate, try to generate them using the guidelines at: >>> >>> * https://github.com/asipto/secsipidx#keys-generation >>> <https://github.com/asipto/secsipidx#keys-generation> >>> >>> Cheers, >>> Daniel >>> >>> -- >>> Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com> >>> www.twitter.com/miconda <http://www.twitter.com/miconda> -- >>> www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda> >>> Kamailio Advanced Training - Online - June 7-10, 2021 (America >>> Timezone) >>> * https://www.asipto.com/sw/kamailio-advanced-training-online/ >>> <https://www.asipto.com/sw/kamailio-advanced-training-online/> >>> >> -- >> Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com> >> www.twitter.com/miconda <http://www.twitter.com/miconda> -- >> www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda> >> Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) >> * https://www.asipto.com/sw/kamailio-advanced-training-online/ >> <https://www.asipto.com/sw/kamailio-advanced-training-online/> >> >> -- >> Regards, >> >> David Villasmil >> email: [email protected] >> <mailto:[email protected]> >> phone: +34669448337 > -- > Daniel-Constantin Mierla -- www.asipto.com > www.twitter.com/miconda -- www.linkedin.com/in/miconda > Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) > * https://www.asipto.com/sw/kamailio-advanced-training-online/ -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) * https://www.asipto.com/sw/kamailio-advanced-training-online/
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
