Module: kamailio Branch: master Commit: f007736ba18f5cc2114ffdd1e6df2b9b03808fe7 URL: https://github.com/kamailio/kamailio/commit/f007736ba18f5cc2114ffdd1e6df2b9b03808fe7
Author: FelipeCuadra <f.cua...@zaleos.net> Committer: Daniel-Constantin Mierla <mico...@gmail.com> Date: 2025-05-06T13:34:41+02:00 stirshaken: removed repeated x509 certification path check - removed a second check of the x509 certificate path from the module, since it is already done earlier in the library and updated documentation --- Modified: src/modules/stirshaken/doc/stirshaken_admin.xml Modified: src/modules/stirshaken/stirshaken_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/f007736ba18f5cc2114ffdd1e6df2b9b03808fe7.diff Patch: https://github.com/kamailio/kamailio/commit/f007736ba18f5cc2114ffdd1e6df2b9b03808fe7.patch --- diff --git a/src/modules/stirshaken/doc/stirshaken_admin.xml b/src/modules/stirshaken/doc/stirshaken_admin.xml index ef07e6a7212..41f72e5c1b7 100644 --- a/src/modules/stirshaken/doc/stirshaken_admin.xml +++ b/src/modules/stirshaken/doc/stirshaken_admin.xml @@ -528,6 +528,10 @@ request_route { ... </programlisting> </example> + <para> + To ensure proper functionality, the Kamailio stirshaken module requires a minimum version of libstirshaken that includes the stir_shaken_verify_cert_path function for performing the x509 certificate path check. This functionality was added to libstirshaken around 2020 (<![CDATA[https://github.com/signalwire/libstirshaken/commit/58e740b897ae40e2bb02ada2231a051a7eb55137]]>). + If you're using an older version of libstirshaken that predates this commit, the stirshaken module may not function correctly. + </para> </section> </chapter> diff --git a/src/modules/stirshaken/stirshaken_mod.c b/src/modules/stirshaken/stirshaken_mod.c index 95bbdeb5736..5d0bc744885 100644 --- a/src/modules/stirshaken/stirshaken_mod.c +++ b/src/modules/stirshaken/stirshaken_mod.c @@ -613,23 +613,6 @@ static int ki_stirshaken_check_identity(sip_msg_t *msg) goto fail; } - if(stirshaken_vs_verify_x509_cert_path) { - - LM_DBG("Running X509 certificate path verification\n"); - - if(!vs) { - LM_ERR("Verification Service not started\n"); - goto fail; - } - - if(STIR_SHAKEN_STATUS_OK - != stir_shaken_verify_cert_path(&ss, cert_out, vs->store)) { - LM_ERR("Cert did not pass X509 path validation\n"); - stirshaken_print_error_details(&ss); - goto fail; - } - } - if(stirshaken_vs_pptg_pvname.s != 0) { memset(&val, 0, sizeof(pv_value_t)); val.flags = PV_VAL_STR; _______________________________________________ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
