[OpenSIPS-Users] STIR/SHAKEN E.164 strict mode module parameter not working .

Vlad Patrascu vladp at opensips.org
Thu Nov 18 22:13:07 EST 2021 

Hi Devang,

The error:

ERROR:stir_shaken:add_identity_hf: Failed to convert from DER to internal format

may be a bit misleading as the private key and certificate must be 
provided in PEM format to the stir_shaken_auth() function. The DER 
format that the error refers to is used only internally, for an 
intermediary step. On the other hand, you may get the same error if the 
private key is not generated as an "prime256v1" EC key.

Regarding the e164_strict_mode module parameter, the orig/dest number 
should still be in E.164 format, except the leading '+' sign, which is 
not required when the parameter is turned off. The parameter is also 
related to the type of URI required (tel URI / sip URI with the 
"user=phone" parameter).

Regards,

Vlad

-- 
Vlad Patrascu
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 17.11.2021 17:27, Devang Dhandhalya wrote:
> hello all
>
>
> Above E.164 Error still getting .Right now I'm getting the below error .
> Can anyone tell me why I am getting this error ? as far as i know this
> error for x5u parameter in stir_shaken_auth function , this issue coming
> for certificate path or certificate file format .
>
>
> I check the certificate file with .der and .cer format also .
>
> Here is the code snippet used .
>
>
> $var(rc_auth)=stir_shaken_auth("A", "GWID-123456","$var(cert)", 
> "$var(pkey)","http://localhost/certificate.pem 
> <http://localhost/certificate.pem>","$var(orig)","$var(dest)");
>
> Below Error i am getting .
>
>
> ERROR:stir_shaken:add_identity_hf: Failed to convert from DER to internal format
>
> ERROR:stir_shaken:w_stir_auth: Failed to add Identity header
>
> STIR_SHAKEN AUTHENTICATION SERVICE  return code : -1
>
> Kindly let me know if there is something wrong that I could be doing. 
> Many Thanks Devang Dhandhalya
>
>
> On Wed, Nov 17, 2021 at 11:37 AM Devang Dhandhalya 
> <devang.dhandhalya at ecosmob.com <mailto:devang.dhandhalya at ecosmob.com>> 
> wrote:
>
>     Hi All
>
>     I configured the e164 strict mode module parameter as 0 (disabled)
>     . but still i am getting errors related to its e164 format .While
>     if orig/dest number is not in e164 format then also opensips have
>     to accept it but it is not accepting .  I have a user like
>     extension123 for this function I have to perform authentication
>     service . if i have a user extension123 is it possible to perform
>     authenticate service for this kind of user ?
>
>     I think this is a bug for the e164 strict mode  module parameter .
>     I am getting the below error .
>
>     opensips version : 3.2.2
>
>     ERROR :
>      ERROR:stir_shaken:check_passport_phonenum: number is not in E.164
>     format: extension123
>      ERROR:stir_shaken:w_stir_auth: failed to validate Originator
>     number (extension123)
>
>
>     loadmodule "stir_shaken.so"
>     modparam("stir_shaken", "auth_date_freshness", 300)
>     modparam("stir_shaken", "verify_date_freshness", 300)
>     modparam("stir_shaken", "require_date_hdr", 0)
>     modparam("stir_shaken", "e164_strict_mode", 0)
>
>     $var(orig) = $fU;
>     $var(dest) = $tU
>      $var(rc_auth)=stir_shaken_auth("A", "GWID-123456","$var(cert)",
>     "$var(pkey)","http://localhost/certificate.pem
>     <http://localhost/certificate.pem>","$var(orig)","$var(dest)");
>
>     Please suggest a solution to this .
>
>     Many Thanks
>     Devang
>
>
> *Disclaimer*
> In addition to generic Disclaimer which you have agreed on our 
> website, any views or opinions presented in this email are solely 
> those of the originator and do not necessarily represent those of the 
> Company or its sister concerns. Any liability (in negligence, contract 
> or otherwise) arising from any third party taking any action, or 
> refraining from taking any action on the basis of any of the 
> information contained in this email is hereby excluded.
>
> *Confidentiality*
> This communication (including any attachment/s) is intended only for 
> the use of the addressee(s) and contains information that is 
> PRIVILEGED AND CONFIDENTIAL. Unauthorized reading, dissemination, 
> distribution, or copying of this communication is prohibited. Please 
> inform originator if you have received it in error.
>
> *Caution for viruses, malware etc.*
> This communication, including any attachments, may not be free of 
> viruses, trojans, similar or new contaminants/malware, interceptions 
> or interference, and may not be compatible with your systems. You 
> shall carry out virus/malware scanning on your own before opening any 
> attachment to this e-mail. The sender of this e-mail and Company 
> including its sister concerns shall not be liable for any damage that 
> may incur to you as a result of viruses, incompleteness of this 
> message, a delay in receipt of this message or any other computer 
> problems.
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20211119/9e015801/attachment-0001.html>

More information about the Users mailing list