Asterisk Stir-Shaken Refactor

Note: This new implementation is available as of Asterisk 18.22.0, 20.7.0, and 21.2.0.

It’s been almost 4 years since STIR/SHAKEN support was first added to Asterisk and a lot has changed since then. As a result, the original implementation wouldn’t actually interoperate with any other STIR/SHAKEN implementations. The good news is that the standards and processes have become clearer, as has our understanding of them, and this prompted us to start a review and refactor last fall, which is now complete.

Some of the major changes include:

  • Support for checking the TNAuthList extension in X509 certificates.
  • Returning “Reason” headers in SIP responses when verification failed but we wished to continue the call.
  • Support for sending Media Key (mky) grants in the Identity header when the call involved DTLS.
  • Performance improvements for outgoing call Telephone Number matching.
  • Additional configuration options.
  • Stricter adherence to RFC and ATIS specifications.
  • Using libjwt to handle JWT and PASSporT lifecycle.

All of these changes required a complete refactor of the stir_shaken.conf file, which means you’ll need to update that file.

Lots more information is available on the STIR-SHAKEN page on the Asterisk Documentation website.
