[OpenSIPS-Users] Removing Identity hdr

[Srigo Kanapathipillai]

Hi Bogdan, 

Thank you for the fix. I have tested with Opensips 3.4.7 and it works as expected now.

Regards,
Srigo

> On 5 Jul 2024, at 10:53, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
> 
> Hi Srigo,
> 
> You the remove in the right way, nothing more you can do about it. The problem is how the remove works and how `stir_shaken_verify()` tests for the hdr - the two are incompatible.
> So, IMHO, we should remove from the `stir_shaken_verify()` function the check on the Identity hdr presence . I just pushed this fix on 3.4/3.5/master versions.
> 
> Regards,
> 
> Bogdan-Andrei Iancu
> 
> OpenSIPS Founder and Developer
>  https://www.opensips-solutions.com
>  https://www.siphub.com
> 
> On 18.06.2024 09:31, Srigo Kanapathipillai wrote:
>> Hi,
>> 
>> I'm encountering an issue with removing an Identity header in OpenSIPS 3.4. Here’s the situation:
>> 
>> 1. An incoming call with an Identity header is received.
>> 2. I perform a `stir_shaken_verify()` and remove the Identity header in a request route.
>> 3. The call is forwarded to an upstream server, but it fails.
>> 4. In the `failure_route`, I need to forward the call to a PSTN number.
>> 
>> 5. Before sending the call to the PSTN (in compliance with French STIR/SHAKEN regulations), I need to sign it with my certificate.
>> 
>> However, when I call `stir_shaken_auth()`, I receive an error -2 indicating that the Identity header already exists. Despite running `remove_hf(identity)` before calling this function, the header isn't removed, and `$hdr(identity)` still returns the initial value of the Identity header.
>> 
>> What is the best way to remove the existing Identity header and re-sign the call?
>> 
>> Thank you,
>> Srigo
>> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>