Re: [OpenSIPS-Users] stir_shaken_auth is not in E.164 format

2023-07-24 Thread Răzvan Crainea 

Hi, Alain!

If I count correctly, your number is 16 digits long, whereas E.164 is 
limited to 15 digits.


Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 7/24/23 13:08, Alain Bieuzent wrote:

Hi All,

i'm facing a case where stir_shaken_auth module return -3 because called 
number would not be in E164 format.


SIP INVITE looks like :

INVITE sip:+331016024033XXYY@10.101.180.124;user=phone 
 SIP/2.0


Via: SIP/2.0/UDP 10.101.180.177:5060;branch=z9hG4bK5e169d58

Max-Forwards: 70

From: "+33187644101" sip:+3318764@10.101.180.177 
;tag=as7d1c5a30


To: sip:+331016024033XXYY@10.101.180.124;user=phone 



Contact: sip:+3318764@10.101.180.177:5060 



Opensips logs :

Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: 
NOTICE:stir_shaken:check_passport_phonenum: number is not in E.164 
format: 331016024033XXYY


Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: 
NOTICE:stir_shaken:w_stir_auth: failed to validate Destination number 
(331016024033XXYY)


Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: 
DBG:core:comp_scriptvar: int 26: -3 / 0


Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: 
DBG:core:comp_scriptvar: int 20: -3 / -1


Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: 
5c20b66446f77cfe0f475a1a43717552@10.101.180.177:5060|STIR_SHAKEN|FAILED 
stir_shaken_auth() failed (rc=-3) call Reject


the requested number contains the portability prefix and breaks down as 
follows:


Country Code : +33

Portability prefix : 10160

Called number : 24033XXYY

It tried with e164_strict_mode =0 and e164_strict_mode =1, with no effect.

any help would be welcome.

Thanks

Alain


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Issue with stir and shaken crl_list

2023-07-24 Thread Răzvan Crainea 

Hi, Mickael!

I don't have much experience with this, but a first search would point 
to this [1] answer, which seems reasonable to me: you need to provide 
the CRL of the entire path, not only of your intermediate cert. Did you 
try that?


[1] https://stackoverflow.com/a/47398918

Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 7/19/23 15:47, Mickael Hubert wrote:

Hi all,
I'm working on stir and shaken, and I want to include all revoked 
certificates.

I my list in DER format, I use this command to transform it to PEM format:
openssl crl -in man_crl.der -inform DER -outform PEM -out crl.pem

there is no erreur, I can read pem format (crl.pem):
-BEGIN X509 CRL-

-END X509 CRL-

I configured opensips with this:
modparam("stir_shaken", "crl_list", "/etc/opensips/stir-shaken-ca/crl.pem")

but I have an error:
ul 19 12:39:07 [12] INFO:stir_shaken:verify_callback: certificate 
validation failed: unable to get certificate CRL

Jul 19 12:39:07 [12] INFO:stir_shaken:w_stir_verify: Invalid certificate

Can you tell me, what is exactly the correct format please ?

Thanks in advance !
++

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] stir_shaken_auth is not in E.164 format

2023-07-24 Thread Alain Bieuzent 
Hi All,

 

i'm facing a case where stir_shaken_auth module return -3 because called number 
would not be in E164 format.

 

SIP INVITE looks like :

 

INVITE sip:+331016024033XXYY@10.101.180.124;user=phone SIP/2.0

Via: SIP/2.0/UDP 10.101.180.177:5060;branch=z9hG4bK5e169d58

Max-Forwards: 70

From: "+33187644101" sip:+3318764@10.101.180.177;tag=as7d1c5a30

To: sip:+331016024033XXYY@10.101.180.124;user=phone

Contact: sip:+3318764@10.101.180.177:5060

 

Opensips logs :

Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: 
NOTICE:stir_shaken:check_passport_phonenum: number is not in E.164 format: 
331016024033XXYY

Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: 
NOTICE:stir_shaken:w_stir_auth: failed to validate Destination number 
(331016024033XXYY)

Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: DBG:core:comp_scriptvar: int 
26: -3 / 0

Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: DBG:core:comp_scriptvar: int 
20: -3 / -1

Jul 24 11:49:34 lbsip-rtpe-test opensips[11670]: 
5c20b66446f77cfe0f475a1a43717552@10.101.180.177:5060|STIR_SHAKEN|FAILED 
stir_shaken_auth() failed (rc=-3) call Reject

 

the requested number contains the portability prefix and breaks down as follows:

Country Code : +33

Portability prefix : 10160

Called number : 24033XXYY

 

It tried with e164_strict_mode =0 and e164_strict_mode =1, with no effect.

 

any help would be welcome.

 

Thanks

 

Alain

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users