[SR-Users] Question about the Secsipid module

Володимир Іванець volodyaivanets at gmail.com
Wed Sep 28 16:04:38 CEST 2022 

Hello Daniel,

Thank you for the hints. I made a very simple configuration and Kamailio
v5.6 started without a problem. I will be looking into my current
configuration.

Test config:

loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "pv.so"


loadmodule "secsipid.so"


request_route {


  if ($si == "127.0.0.1") {
    $var(secsipid_x5u) = "https://xyz/123K";
    $var(secsipid_keyPath) =
"/var/kamailio/stir-shaken/rule-aaa/132.key.pem";
    secsipid_add_identity("$fU", "$rU", "A", "", "$var(secsipid_x5u)",
"$var(secsipid_keyPath)");
  }


  else {
    if (!secsipid_check_identity("")) {
      sl_send_reply("403", "Forbidden");
      exit;
    }
  }


  t_relay();
}


вт, 27 вер. 2022 р. о 18:42 Daniel-Constantin Mierla <miconda at gmail.com>
пише:

> You can use the 5.6 branch, secsipid module should be the same as in
> master branch.
>
> Otherwise, C99 should be required to be supported by the compiler because
> of code in many other components, is rpm build script enforcing an older C
> standard in the compiler?
>
> Cheers,
> Daniel
> On 27.09.22 17:31, Володимир Іванець wrote:
>
> I will try the master branch too. Unfortunately there is a problem with
> the RPM build procedure. I will try a different approach and update you
> when I have something. Thank you for your help!
>
>
> In file included from core/ppcfg.c:37:0:
> core/utils/snexpr.h: In function 'snexpr_op':
> core/utils/snexpr.h:272:2: error: 'for' loop initial declarations are only
> allowed in C99 mode
>   for(unsigned int i = 0; i < sizeof(OPS) / sizeof(OPS[0]); i++) {
>   ^
> core/utils/snexpr.h:272:2: note: use option -std=c99 or -std=gnu99 to
> compile your code
> core/utils/snexpr.h: In function 'snexpr_parse_number':
> core/utils/snexpr.h:286:2: error: 'for' loop initial declarations are only
> allowed in C99 mode
>   for(unsigned int i = 0; i < len; i++) {
>   ^
> core/utils/snexpr.h: In function 'snexpr_func_find':
> core/utils/snexpr.h:322:2: error: 'for' loop initial declarations are only
> allowed in C99 mode
>   for(struct snexpr_func *f = funcs; f->name; f++) {
>   ^
> core/utils/snexpr.h: In function 'snexpr_convert_num':
> core/utils/snexpr.h:398:3: warning: implicit declaration of function
> 'asprintf' [-Wimplicit-function-declaration]
>    asprintf(&e->param.stz.sval, "%g", value);
>    ^
> core/utils/snexpr.h: In function 'snexpr_create':
> core/utils/snexpr.h:1193:6: error: 'for' loop initial declarations are
> only allowed in C99 mode
>       for(struct snexpr_var *v = vars->head; v; v = v->next) {
>       ^
> core/utils/snexpr.h:1217:7: error: 'for' loop initial declarations are
> only allowed in C99 mode
>        for(int j = 0; j < sne_vec_len(&arg.args); j++) {
>        ^
> core/utils/snexpr.h:1231:15: error: redefinition of 'j'
>        for(int j = 1; j < sne_vec_len(&m.body); j++) {
>                ^
> core/utils/snexpr.h:1217:15: note: previous definition of 'j' was here
>        for(int j = 0; j < sne_vec_len(&arg.args); j++) {
>                ^
> core/utils/snexpr.h:1231:7: error: 'for' loop initial declarations are
> only allowed in C99 mode
>        for(int j = 1; j < sne_vec_len(&m.body); j++) {
>        ^
> core/utils/snexpr.h: In function 'snexpr_destroy':
> core/utils/snexpr.h:1412:3: error: 'for' loop initial declarations are
> only allowed in C99 mode
>    for(struct snexpr_var *v = vars->head; v;) {
>    ^
> make[1]: Leaving directory `/builddir/build/BUILD/kamailio-5.7.0-dev1/src'
> make[1]: *** [core/ppcfg.o] Error 1
> make: *** [default] Error 2
> error: Bad exit status from /var/tmp/rpm-tmp.I4sU6o (%build)
>     Bad exit status from /var/tmp/rpm-tmp.I4sU6o (%build)
>
>
>
> RPM build errors:
> ERROR: Exception(../../kamailio-5.7.0-dev1.0.el7.centos.src.rpm)
> Config(epel-7-x86_64) 1 minutes 45 seconds
> INFO: Results and/or logs in: /var/lib/mock/epel-7-x86_64/result
> ERROR: Command failed. See logs for output.
>  # bash --login -c /usr/bin/rpmbuild -bb --target x86_64 --nodeps
> /builddir/build/SPECS/kamailio.spec
> make: *** [rpm] Error 1
>
>
> вт, 27 вер. 2022 р. о 17:50 Daniel-Constantin Mierla <miconda at gmail.com>
> пише:
>
>> Hello,
>>
>> I just tested with git master branch using:
>>
>> secsipid_check_identity("");
>>
>> and started fine. Maybe is something else wrong in your config.
>>
>> Cheers,
>> Daniel
>> On 27.09.22 13:58, Володимир Іванець wrote:
>>
>> Hello Daniel,
>>
>> Sorry for the delayed response. I can confirm that I get the "unknown
>> command, missing loadmodule?" error when using an empty parameter *if
>> (secsipid_check_identity(""))*.
>>
>> And thank you for the clarification about the file with the certificate.
>>
>> пн, 26 вер. 2022 р. о 19:50 Daniel-Constantin Mierla <miconda at gmail.com>
>> пише:
>>
>>> Hello,
>>>
>>> secsipid_check_identity("") should be ok, because the parameter is
>>> empty, but secsipid_check_identity() is not ok, because is no parameter.
>>>
>>> Isn't it working when you have secsipid_check_identity("")?
>>>
>>> It has to be one certificate, which corresponds to the key that was used
>>> to generate the identity header. The function does not expect many
>>> certificates and loop to see if one of them corresponds to the key.
>>>
>>> Cheers,
>>> Daniel
>>> On 26.09.22 17:53, Володимир Іванець wrote:
>>>
>>> Hello Daniel!
>>>
>>> I started with a simpler configuration: *if (secsipid_check_identity())
>>> {* and *if (secsipid_check_identity("")) {* - according to
>>> documentation: *If the parameter is empty, the function is downloading
>>> the key using the URL from "info" parameter of the Identity header, using
>>> the value od "timeout" parameter to limit the download time.* If this
>>> matters, I did not configure modparam "expire" and "timeout".
>>>
>>> When I called secsipid_check_identity with a path to the certificate,
>>> Kamailio started as expected.
>>>
>>> Is there something else I need to do or the function
>>> *secsipid_check_identity* must receive a path to certificate as
>>> parameter? Also, is it safe to assume that this file can contain multiple
>>> certificates?
>>>
>>> Thank you very much!
>>>
>>> пн, 26 вер. 2022 р. о 17:36 Daniel-Constantin Mierla <miconda at gmail.com>
>>> пише:
>>>
>>>> Hello,
>>>>
>>>> maybe the function is provided with invalid parameters? What's the line
>>>> 47 in the file?
>>>>
>>>> Cheers,
>>>> Daniel
>>>> On 26.09.22 15:54, Володимир Іванець wrote:
>>>>
>>>> Hello everyone!
>>>>
>>>> I'm testing calls with STIR/SHAKEN with a Secsipid module on a Kamailio
>>>> version 5.6.1 and ran into a problem. Outbound calls work fine when the
>>>> function *secsipid_add_identity* with appropriate parameters is
>>>> called. But as soon as I add function *secsipid_check_identity* to my
>>>> configuration, Kamilio would not start. Here is an error message I get:
>>>>
>>>> *kamailio: CRITICAL: <core> [core/cfg.y:3791]: yyerror_at(): parse
>>>> error in config file /etc/kamailio/include/registrar.cfg, line 47, column
>>>> 39: unknown command, missing loadmodule?*
>>>>
>>>>
>>>> *loadmodule "secsipid.so"* is present and is above the function
>>>> *secsipid_check_identity* call. Both secsipid.so and secsipid_proc.so
>>>> module files are the correct version and present on the system.
>>>>
>>>>
>>>> Another question is related to the rpm package build. How do you build
>>>> additional modules? I made adjustment to the pkg/kamailio/Makefile file. In
>>>> the *cfg* section changed *$(MAKE) -C ../../src cfg* with *$(MAKE)
>>>> FLAVOUR=kamailio include_modules="secsipid secsipid_proc" -C ../../src cfg*.
>>>> Required modules appeared in the modules.lst file but their rpm packages
>>>> were not built.
>>>>
>>>> Thank you very much!
>>>>
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>   * sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>> --
>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>> Kamailio Advanced Training - Online
>>>>   Nov 7-10, 2022 (Europe Timezone)
>>>>   * https://www.asipto.com/sw/kamailio-advanced-training-online/
>>>>
>>>> --
>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>>> Kamailio Advanced Training - Online
>>>   Nov 7-10, 2022 (Europe Timezone)
>>>   * https://www.asipto.com/sw/kamailio-advanced-training-online/
>>>
>>> --
>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>> Kamailio Advanced Training - Online
>>   Nov 7-10, 2022 (Europe Timezone)
>>   * https://www.asipto.com/sw/kamailio-advanced-training-online/
>>
>> --
> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training - Online
>   Nov 7-10, 2022 (Europe Timezone)
>   * https://www.asipto.com/sw/kamailio-advanced-training-online/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220928/86cc3f23/attachment.htm>

More information about the sr-users mailing list