I'd recommend libsecsipid over stirshaken. It's more flexible (stirshaken only allows for SHAKEN passports), and from an STI-AS standpoint, it can only append the Identity header to the request, so if you're implementing signing as a redirect server you have to then do a little extra work to extract it. It also seems to get less development attention. If you're running Debian on x86, libsecsipid can be entirely installed from packages as well.
Regards, Kaufman -----Original Message----- From: Daniel-Constantin Mierla via sr-users <[email protected]> Sent: Wednesday, May 29, 2024 12:52 AM To: Kamailio (SER) - Users Mailing List <[email protected]> Cc: [email protected]; Daniel-Constantin Mierla <[email protected]> Subject: [SR-Users] Re: libstirshaken installation issues CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello, this looks like related only to the libstirshaken project, nothing to do with Kamailio module. Apparently is about deprecated functions treated as errors, but you have to address the issue to the libstirshaken project. Alternatively, in Kamailio you can use secsipid module, which also offers STIR/SHAKEN functionality. Cheers, Daniel On 28.05.24 23:20, tfayomi--- via sr-users wrote: > Hi All, > > I am attempting to install the stirshaken module for kamailio and I ran into > a couple issues installing the open source c library for libstirshaken. When > I use the make command, I'm getting this error: > > src/stir_shaken.c: In function 'stir_shaken_is_key_trusted': > src/stir_shaken.c:726:9: error: 'EVP_PKEY_cmp' is deprecated: Since OpenSSL > 3.0 [-Werror=deprecated-declarations] > 726 | if (!EVP_PKEY_cmp(pkey, candidate_pkey)) { > | ^~ > In file included from /usr/include/openssl/x509.h:29, > from /usr/include/openssl/ssl.h:31, > from /usr/include/libks2/libks/ks_ssl.h:25, > from /usr/include/libks2/libks/ks.h:80, > from include/stir_shaken.h:15, > from src/stir_shaken.c:1: > /usr/include/openssl/evp.h:1418:5: note: declared here > 1418 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); > | ^~~~~~~~~~~~ > At top level: > cc1: note: unrecognized command-line option > '-Wno-gnu-zero-variadic-macro-arguments' may have been intended to > silence earlier diagnostics > cc1: all warnings being treated as errors > make: *** [Makefile:1337: src/stir_shaken.lo] Error 1 > > I tried going into the stir_shaken file and changing EVP_PKEY_cmp to > EVP_PKEY_eq, but it just brings up more deprecation errors. I also tried > rolling back the openssl version on my machine to openssl version 1.1 and > changing EVP_PKEY_eq back to EVP_PKEY_cmp, but the same error persists. Is > there any way to resolve this error, or is there another library that can be > used to get the stirshaken module for kamailio? > > Thanks in advance, > Temi > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions To > unsubscribe send an email to [email protected] > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
