Will do

On Wed, 2 Jun 2021 at 07:14, Daniel-Constantin Mierla <[email protected]> wrote:
> The lib and module are rather fresh, they improve based on feedback.
>
> The latest version of the lib should return different codes in case of
> failures, being propagated by the functions in the kamailio config. The
> codes can be found at:
>
> * https://github.com/asipto/secsipidx/blob/main/secsipid/secsipid.go#L32
>
> If you have time, try it and report if works as expected.
>
> Cheers,
> Daniel
> On 31.05.21 17:35, David Villasmil wrote:
>
> Yep, It's working with 1.16.4
> So the problem was with the pem ownership.
> It's a pity secsipid.so doesn't return an access denied error.
>
> CLI does return an error:
>
> error: Unable to read private key file: open /etc/kamailio/ec256-private.pem: permission denied
>
> Regards,
>
> David Villasmil
> email: [email protected]
> phone: +34669448337
>
>
> On Mon, May 31, 2021 at 4:26 PM David Villasmil <
> [email protected]> wrote:
>
>> Daniel,
>>
>> Ok, i downloaded and installed 1.11.6 just like yours and recompiled, etc.
>> I also changed the owner of the pem file, which was owned by root, and
>> not by the user kamailio.
>>
>> Now it's working.
>>
>> d9655} <script>: [STIR/SHAKEN][157428d2-3cc7-123a-eaad-122eaa5d9655] secsipid_add_identity('493044448888', '493055559999', 'A', '', 'http://asipto.lab/stir/cert.pem', '/etc/kamailio/ec256-private.pem')
>> May 31 15:24:08 ip-10-231-32-237 /usr/local/kamailio5/sbin/kamailio[1920]: DEBUG: {1 36683532 INVITE 157428d2-3cc7-123a-eaad-122eaa5d9655} secsipid [secsipid_mod.c:333]: ki_secsipid_add_identity(): appending identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjQ3NDY0OCwib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiI0YWU3NGE3My01N2Q3LTQzZWMtYjMyOS00NDdiMDg4OWVkYmMifQ.AyxAeNFuthcpJld8osJBj9QVxBnwK91zeo0tEusXrMNNrG2aW8N9Az255qf3UlOIDtm1MmQI_y3-Gz6u57OCQA;info=<http://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken
>>
>> But now i'm left wondering whether it was the ownership of the file or
>> the version.
>>
>> So i will install again the latest and see what happens.
>>
>>
>> Regards,
>>
>> David Villasmil
>> email: [email protected]
>> phone: +34669448337
>>
>>
>> On Mon, May 31, 2021 at 2:19 PM David Villasmil <
>> [email protected]> wrote:
>>
>>> Hello Daniel,
>>>
>>> Thanks for looking into this:
>>>
>>> # go version
>>> go version go1.16.4 linux/amd64
>>>
>>> # openssl version
>>> OpenSSL 1.1.1d 10 Sep 2019
>>> root@sip-stir1:/home/admin#
>>> i can try getting the same go version and see what happens.
>>>
>>> Regards,
>>>
>>> David Villasmil
>>> email: [email protected]
>>> phone: +34669448337
>>>
>>>
>>> On Mon, May 31, 2021 at 2:15 PM Daniel-Constantin Mierla <
>>> [email protected]> wrote:
>>>
>>>> Hello,
>>>>
>>>> what are your operating system, golang and openssl versions?
>>>>
>>>> I tried on Debian stable and I get the Identity header, see next:
>>>>
>>>> OPTIONS sip:[email protected] SIP/2.0
>>>> Via: SIP/2.0/UDP 127.0.0.1;branch=z9hG4bK8eba.da1d50fc272715b1f6dfcd665d319b32.0
>>>> Via: SIP/2.0/UDP 127.0.1.1:52897;received=127.0.0.1;branch=z9hG4bK.2d35a346;rport=56013;alias
>>>> From: sip:[email protected]:52897;tag=219ec22d
>>>> To: sip:[email protected]
>>>> Call-ID: [email protected]
>>>> CSeq: 1 OPTIONS
>>>> Contact: sip:[email protected]:52897
>>>> Content-Length: 0
>>>> Max-Forwards: 69
>>>> User-Agent: sipsak 0.9.7pre
>>>> Accept: text/plain
>>>> Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9hc2lwdG8ubGFiL3N0aXIvY2VydC5wZW0ifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjQ2NjUyNSwib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiJlOWI3Nzc1OC03ZmI3LTQ1ZWQtYWMwOS02MDlmOTM3NjFiOWQifQ.fnLenxEUk5qyKvY2xChbAPS-kvjiRmu8jKqEzlywFt0RnpDAK-ErUBjbR78aRjt66fJIFEdQ_dXvV-qRoxkWzA;info=<https://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken
>>>>
>>>> The OPTIONS was generated with: sipsak -s sip:[email protected]
>>>>
>>>> In kamailio.cfg I have:
>>>>
>>>> if(is_method("OPTIONS|INVITE")) {
>>>>     secsipid_add_identity("493044448888", "493055559999", "A", "",
>>>>         "https://asipto.lab/stir/cert.pem",
>>>>         "/tmp/ec256-private.pem");
>>>> }
>>>>
>>>> Versions:
>>>>
>>>> $ go version
>>>> go version go1.11.6 linux/amd64
>>>>
>>>> $ openssl version
>>>> OpenSSL 1.1.1d 10 Sep 2019
>>>>
>>>> Cheers,
>>>> Daniel
>>>> On 28.05.21 13:05, Daniel-Constantin Mierla wrote:
>>>>
>>>> I will try to reproduce when I get the first chance these days, maybe I
>>>> broke something while I worked to propagate different return codes for
>>>> error cases.
>>>>
>>>> One more question for now: are you using the latest libsecsipid, built
>>>> from the master/main branch of the secsipidx project?
>>>>
>>>> Cheers,
>>>> Daniel
>>>> On 28.05.21 10:27, David Villasmil wrote:
>>>>
>>>> Correct.
>>>> That’s a log with debug 3, absolutely nothing is coming out. :(
>>>>
>>>>
>>>>
>>>> On Thu, 27 May 2021 at 20:54, Daniel-Constantin Mierla <
>>>> [email protected]> wrote:
>>>>
>>>>> Same logs like with before with previous certificate? Can you attach
>>>>> log messages with debug=3?
>>>>>
>>>>> Cheers,
>>>>> Daniel
>>>>> On 27.05.21 20:13, David Villasmil wrote:
>>>>>
>>>>> Yep i just tried that :)
>>>>>
>>>>> I don't get an error on the CLI:
>>>>>
>>>>> # secsipidx -sign-full -orig-tn 493044448888 -dest-tn 493055559999 -attest A -x5u http://asipto.lab/stir/cert.pem -k ec256-private.pem
>>>>>
>>>>> eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ.64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6PMrcA;info=<http://asipto.lab/stir/cert.pem>;alg=ES256;ppt=shaken
>>>>>
>>>>> But still failing in kamailio...
>>>>>
>>>>> Regards,
>>>>>
>>>>> David Villasmil
>>>>> email: [email protected]
>>>>> phone: +34669448337
>>>>>
>>>>>
>>>>> On Thu, May 27, 2021 at 7:09 PM Daniel-Constantin Mierla <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hello,
>>>>>> On 27.05.21 19:58, David Villasmil wrote:
>>>>>>
>>>>>> Hello guys,
>>>>>>
>>>>>> I want to test secsipid, but i don't yet have the certificate. So i
>>>>>> thought i'd create a cert like:
>>>>>>
>>>>>> openssl req -new -newkey rsa:4096 -nodes -keyout snakeoil.key -out snakeoil.csr
>>>>>> openssl x509 -req -sha256 -days 365 -in snakeoil.csr -signkey snakeoil.key -out snakeoil.pem
>>>>>>
>>>>>> Then i'm simply doing:
>>>>>>
>>>>>> $var(rc) = secsipid_add_identity("$fU", "$rU", "A", "",
>>>>>>     "https://somedomain.com/stir/$rd/cert.pem",
>>>>>>     "/etc/kamailio/snakeoil.pem");
>>>>>> if ( $var(rc) ) {
>>>>>>     xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication added (SIP Identity Header created)\n");
>>>>>> } else {
>>>>>>     xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n");
>>>>>> }
>>>>>>
>>>>>> But no matter what i do it silently fails:
>>>>>>
>>>>>> INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d} <script>: [STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d] Failed
>>>>>>
>>>>>> I have debug on 6, but i don't get more info regarding the error.
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>> based on the specs, it should not be the usual ssl/tls certificate,
>>>>>> try to generate them using the guidelines at:
>>>>>>
>>>>>> * https://github.com/asipto/secsipidx#keys-generation
>>>>>>
>>>>>> Cheers,
>>>>>> Daniel
>>>>>>
>>>>>> --
>>>>>> Daniel-Constantin Mierla -- www.asipto.com
>>>>>> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>>>> Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
>>>>>> * https://www.asipto.com/sw/kamailio-advanced-training-online/

--
Regards,

David Villasmil
email: [email protected]
phone: +34669448337
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * [email protected]
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
