Thanks a lot for advice Daniel.
I tried secsipid and it's working fine. But I didn't find some
functionality that the stirshaken module has:
modparam("stirshaken", "vs_verify_x509_cert_path", 1)
modparam("stirshaken", "vs_ca_dir", "/etc/kamailio/stir_CA")
modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")
Does secsipid have verifying of x509 cert path using CA ? Also does it
have the possibility to check cert in CRL ?
Thank you
On Tue, 4 Apr 2023 at 08:48, Daniel-Constantin Mierla <[email protected]>
wrote:
> Hello,
>
> I cannot help with stirshaken module, not being involved in its
> development, but I could suggest to try the secsipid module, which I
> wrote and I can fix bugs if any is reported. secsipid offers stir/shaken
> functionality as well.
>
> Cheers,
> Daniel
>
> On 03.04.23 18:31, Yuriy Nasida wrote:
> > Hello,
> >
> > It's kamailio 5.6.4.
> >
> > I can say that there is no segfault in case Identity is OK but bad
> > attempts sometimes are the reason for segfault. Not sure I can
> > duplicate but it happens several times per day.
> >
> > Please look at logs.
> >
> > in messages:
> > Apr 3 09:40:02 kam1 kernel: [6381565.762987] kamailio[9141]: segfault
> > at 746c75616665 ip 00007f20c4cab6df sp 00007ffe7ec51470 error 4 in
> > libcrypto.so.1.1[7f20c4c3b000+19e000]
> >
> > kamailio.log:
> > Apr 3 09:40:02 kam1 kamailio[9141]: NOTICE: <script>: it is INVITE
> > with Identity. Lets check Identity
> > Apr 3 09:40:02 kam1 kamailio[9141]: CRITICAL: <core>
> > [core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer
> > 0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c:
> > ser_free(323) - ignoring
> > Apr 3 09:40:02 kam1 kamailio[9182]: CRITICAL: <core>
> > [core/pass_fd.c:277]: receive_fd(): EOF on 53
> > Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:774]:
> > handle_sigs(): child process 9141 exited by a signal 11
> > Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:777]:
> > handle_sigs(): core was not generated
> > Apr 3 09:40:02 kam1 kamailio[9100]: CRITICAL: <core>
> > [core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer
> > 0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c:
> > ser_free(323) - ignoring
> >
> >
> > loadmodule "stirshaken.so"
> >
> > ####### STIRSHAKEN ######
> > modparam("stirshaken", "vs_verify_x509_cert_path", 1)
> > modparam("stirshaken", "vs_ca_dir", "/etc/kamailio/stir_CA")
> > #modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")
> > modparam("stirshaken", "as_default_key",
> > "/etc/kamailio/key/private_key.pem")
> > modparam("stirshaken", "vs_cache_certificates", 1)
> > modparam("stirshaken", "vs_cache_dir", "/tmp/cert_cache")
> > modparam("stirshaken", "vs_cache_expire_s", 100)
> >
> >
> > if (is_method("INVITE") && is_present_hf("Identity")) {
> > xlog("L_NOTICE", "it is INVITE with Identity. Lets
> > check Identity\n");
> > if (1 == stirshaken_check_identity()) {
> > xlog("L_NOTICE", "Shaken Identity is OK\n");
> > } else {
> > xlog("L_NOTICE", "Shaken Identity is invalid\n");
> > }
> > }
> >
> >
> > Please give me some advice.
> >
> > __________________________________________________________
> > Kamailio - Users Mailing List - Non Commercial Discussions
> > To unsubscribe send an email to [email protected]
> > Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> > Edit mailing list options or unsubscribe:
>
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio World Conference - June 5-7, 2023 - www.kamailioworld.com
>
>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
