Hello Daniel, Thanks for looking into this:
# go version go version go1.16.4 linux/amd64 # openssl version OpenSSL 1.1.1d 10 Sep 2019 root@sip-stir1:/home/admin# i can try getting the same go version and see what happens. Regards, David Villasmil email: [email protected] phone: +34669448337 On Mon, May 31, 2021 at 2:15 PM Daniel-Constantin Mierla <[email protected]> wrote: > Hello, > > what are your operating system, golang and openssl versions? > > I tried on Debian stable and I get the Identity header, see next: > > OPTIONS sip:[email protected] SIP/2.0 > Via: SIP/2.0/UDP > 127.0.0.1;branch=z9hG4bK8eba.da1d50fc272715b1f6dfcd665d319b32.0 > Via: SIP/2.0/UDP 127.0.1.1:52897 > ;received=127.0.0.1;branch=z9hG4bK.2d35a346;rport=56013;alias > From: sip:[email protected]:52897;tag=219ec22d > To: sip:[email protected] > Call-ID: [email protected] > CSeq: 1 OPTIONS > Contact: sip:[email protected]:52897 > Content-Length: 0 > Max-Forwards: 69 > User-Agent: sipsak 0.9.7pre > Accept: text/plain > Identity: > eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9hc2lwdG8ubGFiL3N0aXIvY2VydC5wZW0ifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjQ2NjUyNSwib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiJlOWI3Nzc1OC03ZmI3LTQ1ZWQtYWMwOS02MDlmOTM3NjFiOWQifQ.fnLenxEUk5qyKvY2xChbAPS-kvjiRmu8jKqEzlywFt0RnpDAK-ErUBjbR78aRjt66fJIFEdQ_dXvV-qRoxkWzA;info= > <https://asipto.lab/stir/cert.pem> <https://asipto.lab/stir/cert.pem> > ;alg=ES256;ppt=shaken > > The OPTIONS was generated with: sipsak -s sip:[email protected] > > In kamaili.cfg I have: > > if(is_method("OPTIONS|INVITE")) { > secsipid_add_identity("493044448888", "493055559999", "A", "", > "https://asipto.lab/stir/cert.pem"; > <https://asipto.lab/stir/cert.pem>, > "/tmp/ec256-private.pem"); > > Versions: > > $ go version > go version go1.11.6 linux/amd64 > > $ openssl version > OpenSSL 1.1.1d 10 Sep 2019 > > Cheers, > Daniel > On 28.05.21 13:05, Daniel-Constantin Mierla wrote: > > I will try to reproduce when I get the first chance these days, maybe I > broke something while I worked to propagate different return codes for > error cases. > > One more question for now: are you using the latest libsecsipid, build > from the master/main branch of the secsipidx project? > > Cheers, > Daniel > On 28.05.21 10:27, David Villasmil wrote: > > Correct. > That’s a log with debug 3, absolutely nothing is coming out. :( > > > > On Thu, 27 May 2021 at 20:54, Daniel-Constantin Mierla <[email protected]> > wrote: > >> Same logs like with before with previous certificate? Can you attach log >> messages with debug=3? >> >> Cheers, >> Daniel >> On 27.05.21 20:13, David Villasmil wrote: >> >> Yep i just tried that :) >> >> I don't get an error on the CLI: >> >> # secsipidx -sign-full -orig-tn 493044448888 -dest-tn 493055559999 >> -attest A -x5u http://asipto.lab/stir/cert.pem -k ec256-private.pem >> >> eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ.64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6PMrcA;info=< >> http://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken >> >> But still failing in kamailio... >> >> Regards, >> >> David Villasmil >> email: [email protected] >> phone: +34669448337 >> >> >> On Thu, May 27, 2021 at 7:09 PM Daniel-Constantin Mierla < >> [email protected]> wrote: >> >>> Hello, >>> On 27.05.21 19:58, David Villasmil wrote: >>> >>> Hello guys, >>> >>> I want to test secsipid, but i don't yet have the certificate. So i >>> thought i'd create a cert like: >>> >>> openssl req -new -newkey rsa:4096 -nodes -keyout snakeoil.key -out >>> snakeoil.csr >>> openssl x509 -req -sha256 -days 365 -in snakeoil.csr -signkey >>> snakeoil.key -out snakeoil.pem >>> >>> Then i'm simply doing: >>> >>> $var(rc) = secsipid_add_identity("$fU", "$rU", "A", "", " >>> https://somedomain.com/stir/$rd/cert.pem >>> <https://kamailio.org/stir/$rd/cert.pem>", >>> "/etc/kamailio/snakeoil.pem"); >>> if ( $var(rc) ) { >>> xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication added (SIP >>> Identity Header created)\n"); >>> } else { >>> xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n"); >>> } >>> >>> But no matter what i do it silently fails: >>> >>> INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d} <script>: >>> [STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d] Failed >>> >>> I have debug on 6, but i don't get more info regarding the error. >>> >>> Any ideas? >>> >>> based on the specs, it should not be the usual ssl/tls certificate, try >>> to generate them using the guidelines at: >>> >>> * https://github.com/asipto/secsipidx#keys-generation >>> >>> Cheers, >>> Daniel >>> >>> -- >>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- >>> www.linkedin.com/in/miconda >>> Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) >>> * https://www.asipto.com/sw/kamailio-advanced-training-online/ >>> >>> -- >> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- >> www.linkedin.com/in/miconda >> Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) >> * https://www.asipto.com/sw/kamailio-advanced-training-online/ >> >> -- > Regards, > > David Villasmil > email: [email protected] > phone: +34669448337 > > -- > Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- > www.linkedin.com/in/miconda > Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) > * https://www.asipto.com/sw/kamailio-advanced-training-online/ > > -- > Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- > www.linkedin.com/in/miconda > Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) > * https://www.asipto.com/sw/kamailio-advanced-training-online/ > >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
