diff --git a/src/modules/stirshaken/doc/stirshaken_admin.xml b/src/modules/stirshaken/doc/stirshaken_admin.xml
index 55ef50a8370..4634f0b752b 100644
--- a/src/modules/stirshaken/doc/stirshaken_admin.xml
+++ b/src/modules/stirshaken/doc/stirshaken_admin.xml
@@ -24,9 +24,10 @@
stirshaken module exports the functions to check and to generate PASSporT, wrapped into SIP Identity header.
For call authentication two functions are available: stirshaken_add_identity(...) and stirshaken_add_identity_with_key(key).
- stirshaken_add_identity() uses default key (through Authentication Service), stirshaken_add_identity_with_key(..., key) uses specifoed key.
+ stirshaken_add_identity() uses default key (through Authentication Service), stirshaken_add_identity_with_key(..., key) uses key specified as argument.
For call verification three methods are available: stirshaken_check_identity() (through Verification Service),
stirshaken_check_identity_with_key(key) and stirshaken_check_identity_with_cert(cert).
+ Only stirshaken_check_identity() may download certificate (if needed) and check it with X509 certificate path check algorithm.
@@ -291,7 +292,11 @@ modparam("stirshaken", "vs_cache_expire_s", 100)
request_route {
...
- if(stirshaken_check_identity()) { // bad identity }
+ if (1 == stirshaken_check_identity()) {
+ xlog("Shaken Identity is OK\n");
+ } else {
+ xlog("Shaken Identity is invalid\n");
+ }
...
}
...
@@ -326,7 +331,11 @@ request_route {
...
request_route {
...
- if(stirshaken_check_identity_with_key("/path/to/key")) { // bad identity }
+ if (1 == stirshaken_check_identity_with_key("/path/to/key")) {
+ xlog("Shaken Identity is OK\n");
+ } else {
+ xlog("Shaken Identity is invalid\n");
+ }
...
}
...
@@ -352,7 +361,11 @@ request_route {
...
request_route {
...
- if(stirshaken_check_identity_with_cert("/path/to/cert")) { // bad identity }
+ if (1 == stirshaken_check_identity_with_cert("/path/to/cert")) {
+ xlog("Shaken Identity is OK\n");
+ } else {
+ xlog("Shaken Identity is invalid\n");
+ }
...
}
...
@@ -382,7 +395,11 @@ request_route {
...
request_route {
...
- stirshaken_add_identity("https://sp.com/sp.pem", "B", "+44100", "+44200", "origid");
+ if (1 == stirshaken_add_identity("https://sp.com/sp.pem", "B", "+44100", "+44200", "origid")) {
+ xlog("Shaken authentication added (SIP Identity Header created)\n");
+ } else {
+ xlog("Failed\n");
+ }
...
}
...
@@ -397,7 +414,11 @@ request_route {
...
request_route {
...
- stirshaken_add_identity("https://sp.com/sp.pem", "B", "+44100", "+44200", "");
+ if (1 == stirshaken_add_identity("https://sp.com/sp.pem", "B", "+44100", "+44200", "")) {
+ xlog("Shaken authentication added (SIP Identity Header created)\n");
+ } else {
+ xlog("Failed\n");
+ }
...
}
...