Hello vlad
Thank you so much For your response , Verification Service works using
those certificates .
Regards,
Devang Dhandhalya
On Tue, Nov 23, 2021 at 10:32 PM Vlad Patrascu wrote:
> Hello Devang,
>
> The cache_fetch() functions returns -2 when the key is not found so it's
> normal when getting the certificate the first time.
>
> STIR/SHAKEN requires that the certificates have the TnAuthList extension.
> You can check out some examples on how to generate such certificates in
> this document [1] at Appendix A or this script [2].
>
> [1]
> https://cstga.ca/wp-content/uploads/2020/07/ATIS-180.v002_SHAKEN-Governance-Model.pdf
>
> [2]
> https://github.com/OpenSIPIt/OpenSIPIt_00/blob/master/STIR_SHAKEN/Certgen/gencert.sh
>
> Regards,
>
> --
> Vlad Patrascu
> OpenSIPS Core Developerhttp://www.opensips-solutions.com
>
> On 22.11.2021 14:41, Devang Dhandhalya wrote:
>
> Hello Vlad
>
> Authentication service works fine. Now I am getting an error in the
> stir_shaken_verify function , after fetching a certificate, I am getting
> below error . I generated private keys and X509 certificates using
> prime256v1" EC.
> After fetching the certificate I am getting var(found) = -2 can you please
> tell me about this too .
>
> OpenSIPS Logs :
>
>
>
>
>
> *var(found) = [-2] INFO:stir_shaken:validate_certificate: The certificate
> is missing the TnAuthList extension INFO:stir_shaken:w_stir_verify: Invalid
> certificate return code : [-8] stir_shaken_verify() failed:437, Unsupported
> Credential *
> below opensips script snippet :
>
> $var(found) = cache_fetch("local",$identity(x5u),$var(cert));
>
>
> if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) {
> rest_get("$identity(x5u)",$var(cert),$var(ctype),
> $var(http_rc));
> if ($rc<0 ) {
> send_reply(436, "Bad Identity Info");
> exit;
> }
> cache_store("local", $identity(x5u),"$var(cert)");
> }
>
>
> $var(rc_verify)= stir_shaken_verify($var(cert),
> $var(err_sip_code),$var(err_sip_reason),"$var(orig)","$var(dest)");
> if ($var(rc_verify) < 0) {
>
> send_reply(
> $var(err_sip_code),$var(err_sip_reason));
> exit;
> }
>
> Kindly inform me why I am getting this error . Please suggest a solution
> to this .
>
>
> Regards
> Devang Dhandhalya
>
>
> On Fri, Nov 19, 2021 at 3:16 PM Devang Dhandhalya <
> devang.dhandha...@ecosmob.com> wrote:
>
>> Hello Vlad
>>
>> Thanks for your response . Authentication service works .
>>
>> Regards ,
>> Devang Dhandhalya
>>
>>
>> On Wed, Nov 17, 2021 at 8:57 PM Devang Dhandhalya <
>> devang.dhandha...@ecosmob.com> wrote:
>>
>>> hello all
>>>
>>>
>>> Above E.164 Error still getting .Right now I'm getting the below error .
>>> Can anyone tell me why I am getting this error ? as far as i know this
>>> error for x5u parameter in stir_shaken_auth function , this issue coming
>>> for certificate path or certificate file format .
>>>
>>>
>>> I check the certificate file with .der and .cer format also .
>>>
>>> Here is the code snippet used .
>>> $var(rc_auth)=stir_shaken_auth("A", "GWID-123456","$var(cert)",
>>> "$var(pkey)","http://localhost/certificate.pem","$var(orig)","$var(dest)");
>>>
>>> Below Error i am getting .
>>>
>>>
>>> ERROR:stir_shaken:add_identity_hf: Failed to convert from DER to internal
>>> format
>>>
>>> ERROR:stir_shaken:w_stir_auth: Failed to add Identity header
>>>
>>> STIR_SHAKEN AUTHENTICATION SERVICE return code : -1
>>>
>>>
>>> Kindly let me know if there is something wrong that I could be doing.
>>>
>>> Many Thanks
>>> Devang Dhandhalya
>>>
>>>
>>> On Wed, Nov 17, 2021 at 11:37 AM Devang Dhandhalya <
>>> devang.dhandha...@ecosmob.com> wrote:
>>>
Hi All
I configured the e164 strict mode module parameter as 0 (disabled) .
but still i am getting errors related to its e164 format .While if
orig/dest number is not in e164 format then also opensips have to accept it
but it is not accepting . I have a user like extension123 for this
function I have to perform authentication service . if i have a user
extension123 is it possible to perform authenticate service for this kind
of user ?
I think this is a bug for the e164 strict mode module parameter . I am
getting the below error .
opensips version : 3.2.2
ERROR :
ERROR:stir_shaken:check_passport_phonenum: number is not in E.164
format: extension123
ERROR:stir_shaken:w_stir_auth: failed to validate Originator number
(extension123)
loadmodule "stir_shaken.so"
modparam("stir_shaken", "auth_date_freshness", 300)
modparam("stir_shaken", "verify_date_freshness", 300)
modparam("stir_shaken", "require_date_hdr", 0)
modparam("stir_shaken", "e164_strict_mode", 0)
$var(orig) = $fU;
$var(dest) = $tU