this is what i do (i have a redirect server receive the INVITEs to be
signed, I add the header and then do 302, the initiating server then add it
to the INVITE and sends the invite out:
if ($rm=="INVITE") {
$var(rc) = secsipid_add_identity("$(var(from){s.numeric})",
"$(var(to){s.numeric})", "A", "", "
https://pki.domain.com/stir-shaken-cert.pem";,
"/etc/kamailio/ec256-private.pem");
if ( $var(rc) > 0 ) {
msg_apply_changes();
} else {
update_stat("stirshaken_create_identity_failed","+1");
send_reply("503", "Service Unavailable - can not create Identity header");
exit;
}
append_to_reply("Identity: $hdr(Identity)\r\n");
}
sl_send_reply("302", "Redirect");
exit;
hope that helps
Regards,
David Villasmil
email: [email protected]
On Thu, Jun 20, 2024 at 11:14 PM Blake Ivey via sr-users <
[email protected]> wrote:
> Hmm you are correct. I took it out and it started fine. So what exactly
> would I need for our outbound stirshaken?
>
> Just secsipid_add_identity?
>
> I guess I've been looking at this for too long today. Just lines and lines
> after a while.
>
> On Thu, Jun 20, 2024, 4:47 PM Ben Kaufman <[email protected]> wrote:
>
>> Except for `expire` and `timeout`, those parameters don’t exist for
>> secsip id- at least according to the module documentation:
>> https://kamailio.org/docs/modules/stable/modules/secsipid
>>
>>
>>
>> Regards,
>>
>> Kaufman
>>
>>
>>
>> *From:* Blake Ivey <[email protected]>
>> *Sent:* Thursday, June 20, 2024 3:39 PM
>> *To:* Ben Kaufman <[email protected]>
>> *Cc:* [email protected]
>> *Subject:* Re: [SR-Users] SecSIPID Assistance
>>
>>
>>
>> *CAUTION:* This email originated from outside the organization. *Do not
>> click links or open attachments* unless you recognize the sender and
>> know the content is safe.
>>
>>
>>
>> Sorry for the formatting:
>>
>> ERROR: <core> [core/modparam.c:185]: set_mod_param_regex(): parameter
>> <private_key> of type <1:string> not found in module <secsipid>
>> kamailio: CRITICAL: <core> [core/cfg.y:4011]: yyerror_at(): parse error
>> in config file /etc/kamailio/kamailio.cfg, line 71, column 73: Can't set
>> module parameter
>> kamailio: CRITICAL: <core> [core/cfg.y:4011]: yyerror_at(): parse error
>> in config file /etc/kamailio/kamailio.cfg, line 71, column 70: Can't set
>> module parameter
>> kamailio: ERROR: <core> [core/modparam.c:185]: set_mod_param_regex():
>> parameter <key_path> of type <1:string> not found in module <secsipid>
>>
>>
>>
>> On Thu, Jun 20, 2024, 4:31 PM Ben Kaufman <[email protected]> wrote:
>>
>> What is the error you’re getting?
>>
>>
>>
>> Regards,
>>
>> Kaufman
>>
>>
>>
>>
>>
>> *From:* Blake Ivey via sr-users <[email protected]>
>> *Sent:* Thursday, June 20, 2024 3:14 PM
>> *To:* Kamailio (SER) - Users Mailing List <[email protected]>
>> *Cc:* Blake Ivey <[email protected]>
>> *Subject:* [SR-Users] SecSIPID Assistance
>>
>>
>>
>> *CAUTION:* This email originated from outside the organization. *Do not
>> click links or open attachments* unless you recognize the sender and
>> know the content is safe.
>>
>>
>>
>> Hi everyone. Wanting to see if someone could point me in the right
>> direction. Still very knew to Kamailio but I am beginning to understand it
>> better. I'm making an outbound proxy and have everything working well
>> besides stir/shaken. I'm looking at the module page and have went back and
>> forth with chatGPT and can't seem to figure this part out. I keep getting
>> errors on the modparam lines.
>>
>>
>>
>> Obviously this is a self signed cert because I'm just testing. I am able
>> to reach and download the cert from the Web server.
>>
>>
>>
>> Thank you for any assistance.
>>
>>
>>
>> # SECSIPID for Stir/Shaken
>>
>> modparam("secsipid", "private_key", "/etc/kamailio/secsipid/private.key")
>>
>> modparam("secsipid", "certificate", "/etc/kamailio/secsipid/cert.crt")
>>
>> modparam("secsipid", "authority_cert", "/etc/kamailio/secsipid/ca.crt")
>>
>> modparam("secsipid", "expire", 600) modparam("secsipid", "timeout", 2)
>>
>>
>>
>> route[STIRSHAKEN] {
>>
>> if (is_method("INVITE")) {
>>
>> if (!secsipid_add_identity("$fU", "$rU", "A", "", "
>> http://myIPaddress.com/stir_shaken_cert.crt
>> <http://myipaddress.com/stir_shaken_cert.crt>",
>> "/etc/kamailio/secsipid/private.key")) {
>>
>> xlog("L_ERR", "Failed to sign call with ID: $ci - From:
>> $fU\n");
>>
>> send_reply("500", "Internal Server Error");
>>
>> exit;
>>
>> } else {
>>
>> xlog("L_INFO", "Successfully signed call with ID: $ci - From:
>> $fU\n");
>>
>> }
>>
>> }
>>
>>
>>
>> # Relay the call after signing
>>
>> route(RELAY);
>>
>> }
>>
>>
>>
>> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to [email protected]
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
