June 2025 - gerrit-log - lists.osmocom.org

[M] Change in pysim[master]: smdpp: Verify EID is within permitted range of EUM certificate

by laforge

laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/40467?usp=email ) Change subject: smdpp: Verify EID is within permitted range of EUM certificate ...................................................................... smdpp: Verify EID is within permitted range of EUM certificate Change-Id: Ice704548cb62f14943927b5295007db13c807031 --- M osmo-smdpp.py 1 file changed, 167 insertions(+), 2 deletions(-) Approvals: laforge: Looks good to me, approved Jenkins Builder: Verified diff --git a/osmo-smdpp.py b/osmo-smdpp.py index 16c0386..b669ff2 100755 --- a/osmo-smdpp.py +++ b/osmo-smdpp.py @@ -64,6 +64,169 @@ if admin_protocol and not admin_protocol.startswith('gsma/rsp/v'): raise ApiError('1.2.2', '2.1', 'Unsupported X-Admin-Protocol version') +def get_eum_certificate_variant(eum_cert) -> str: + """Determine EUM certificate variant by checking Certificate Policies extension. + Returns 'O' for old variant, or 'NEW' for Ov3/A/B/C variants.""" + + try: + cert_policies_ext = eum_cert.extensions.get_extension_for_oid( + x509.oid.ExtensionOID.CERTIFICATE_POLICIES + ) + + for policy in cert_policies_ext.value: + policy_oid = policy.policy_identifier.dotted_string + print(f"Found certificate policy: {policy_oid}") + + if policy_oid == '2.23.146.1.2.1.2': + print("Detected EUM certificate variant: O (old)") + return 'O' + elif policy_oid == '2.23.146.1.2.1.0.0.0': + print("Detected EUM certificate variant: Ov3/A/B/C (new)") + return 'NEW' + except x509.ExtensionNotFound: + print("No Certificate Policies extension found") + except Exception as e: + print(f"Error checking certificate policies: {e}") + +def parse_permitted_eins_from_cert(eum_cert) -> List[str]: + """Extract permitted IINs from EUM certificate using the appropriate method + based on certificate variant (O vs Ov3/A/B/C). + Returns list of permitted IINs (basically prefixes that valid EIDs must start with).""" + + # Determine certificate variant first + cert_variant = get_eum_certificate_variant(eum_cert) + permitted_iins = [] + + if cert_variant == 'O': + # Old variant - use nameConstraints extension + print("Using nameConstraints parsing for variant O certificate") + permitted_iins.extend(_parse_name_constraints_eins(eum_cert)) + + else: + # New variants (Ov3, A, B, C) - use GSMA permittedEins extension + print("Using GSMA permittedEins parsing for newer certificate variant") + permitted_iins.extend(_parse_gsma_permitted_eins(eum_cert)) + + unique_iins = list(set(permitted_iins)) + + print(f"Total unique permitted IINs found: {len(unique_iins)}") + return unique_iins + +def _parse_gsma_permitted_eins(eum_cert) -> List[str]: + """Parse the GSMA permittedEins extension using correct ASN.1 structure. + PermittedEins ::= SEQUENCE OF PrintableString + Each string contains an IIN (Issuer Identification Number) - a prefix of valid EIDs.""" + permitted_iins = [] + + try: + permitted_eins_oid = x509.ObjectIdentifier('2.23.146.1.2.2.0') # sgp26: 2.23.146.1.2.2.0 = ASN1:SEQUENCE:permittedEins + + for ext in eum_cert.extensions: + if ext.oid == permitted_eins_oid: + print(f"Found GSMA permittedEins extension: {ext.oid}") + + # Get the DER-encoded extension value + ext_der = ext.value.value if hasattr(ext.value, 'value') else ext.value + + if isinstance(ext_der, bytes): + try: + import asn1tools + + permitted_eins_schema = """ + PermittedEins DEFINITIONS ::= BEGIN + PermittedEins ::= SEQUENCE OF PrintableString + END + """ + decoder = asn1tools.compile_string(permitted_eins_schema) + decoded_strings = decoder.decode('PermittedEins', ext_der) + + for iin_string in decoded_strings: + # Each string contains an IIN -> prefix of euicc EID + iin_clean = iin_string.strip().upper() + + # IINs is 8 chars per sgp22, var len according to sgp29, fortunately we don't care + if (len(iin_clean) == 8 and + all(c in '0123456789ABCDEF' for c in iin_clean) and + len(iin_clean) % 2 == 0): + permitted_iins.append(iin_clean) + print(f"Found permitted IIN (GSMA): {iin_clean}") + else: + print(f"Invalid IIN format: {iin_string} (cleaned: {iin_clean})") + except Exception as e: + print(f"Error parsing GSMA permittedEins extension: {e}") + + except Exception as e: + print(f"Error accessing GSMA certificate extensions: {e}") + + return permitted_iins + + +def _parse_name_constraints_eins(eum_cert) -> List[str]: + """Parse permitted IINs from nameConstraints extension (variant O).""" + permitted_iins = [] + + try: + # Look for nameConstraints extension + name_constraints_ext = eum_cert.extensions.get_extension_for_oid( + x509.oid.ExtensionOID.NAME_CONSTRAINTS + ) + + print("Found nameConstraints extension (variant O)") + name_constraints = name_constraints_ext.value + + # Check permittedSubtrees for IIN constraints + if name_constraints.permitted_subtrees: + for subtree in name_constraints.permitted_subtrees: + print(f"Processing permitted subtree: {subtree}") + + if isinstance(subtree, x509.DirectoryName): + for attribute in subtree.value: + # IINs for O in serialNumber + if attribute.oid == x509.oid.NameOID.SERIAL_NUMBER: + serial_value = attribute.value.upper() + # sgp22 8, sgp29 var len, fortunately we don't care + if (len(serial_value) == 8 and + all(c in '0123456789ABCDEF' for c in serial_value) and + len(serial_value) % 2 == 0): + permitted_iins.append(serial_value) + print(f"Found permitted IIN (nameConstraints/DN): {serial_value}") + + except x509.ExtensionNotFound: + print("No nameConstraints extension found") + except Exception as e: + print(f"Error parsing nameConstraints: {e}") + + return permitted_iins + + +def validate_eid_range(eid: str, eum_cert) -> bool: + """Validate that EID is within the permitted EINs of the EUM certificate.""" + if not eid or len(eid) != 32: + print(f"Invalid EID format: {eid}") + return False + + try: + permitted_eins = parse_permitted_eins_from_cert(eum_cert) + + if not permitted_eins: + print("Warning: No permitted EINs found in EUM certificate") + return False + + eid_normalized = eid.upper() + print(f"Validating EID {eid_normalized} against {len(permitted_eins)} permitted EINs") + + for permitted_ein in permitted_eins: + if eid_normalized.startswith(permitted_ein): + print(f"EID {eid_normalized} matches permitted EIN {permitted_ein}") + return True + + print(f"EID {eid_normalized} is not in any permitted EIN list") + return False + + except Exception as e: + print(f"Error validating EID: {e}") + return False + def build_status_code(subject_code: str, reason_code: str, subject_id: Optional[str], message: Optional[str]) -> Dict: r = {'subjectCode': subject_code, 'reasonCode': reason_code } if subject_id: @@ -345,11 +508,13 @@ if not self._ecdsa_verify(euicc_cert, euiccSignature1_bin, euiccSigned1_bin): raise ApiError('8.1', '6.1', 'Verification failed (euiccSignature1 over euiccSigned1)') - # TODO: verify EID of eUICC cert is within permitted range of EUM cert - ss.eid = ss.euicc_cert.subject.get_attributes_for_oid(x509.oid.NameOID.SERIAL_NUMBER)[0].value print("EID (from eUICC cert): %s" % ss.eid) + # Verify EID is within permitted range of EUM certificate + if not validate_eid_range(ss.eid, eum_cert): + raise ApiError('8.1.4', '6.1', 'EID is not within the permitted range of the EUM certificate') + # Verify that the serverChallenge attached to the ongoing RSP session matches the # serverChallenge returned by the eUICC. Otherwise, the SM-DP+ SHALL return a status code "eUICC - # Verification failed". -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40467?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ice704548cb62f14943927b5295007db13c807031 Gerrit-Change-Number: 40467 Gerrit-PatchSet: 7 Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org>

2 months, 2 weeks

1
0
0 0

[M] Change in pysim[master]: smdpp: Verify EID is within permitted range of EUM certificate

by laforge

Attention is currently required from: Hoernchen, dexter. laforge has posted comments on this change by Hoernchen. ( https://gerrit.osmocom.org/c/pysim/+/40467?usp=email ) Change subject: smdpp: Verify EID is within permitted range of EUM certificate ...................................................................... Patch Set 7: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40467?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ice704548cb62f14943927b5295007db13c807031 Gerrit-Change-Number: 40467 Gerrit-PatchSet: 7 Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: Hoernchen <ewild(a)sysmocom.de> Gerrit-Attention: dexter <pmaier(a)sysmocom.de> Gerrit-Comment-Date: Sat, 21 Jun 2025 13:18:54 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

2 months, 2 weeks

1
0
0 0

[M] Change in pysim[master]: smdpp: Verify EID is within permitted range of EUM certificate

by laforge

Attention is currently required from: Hoernchen, dexter. laforge has posted comments on this change by Hoernchen. ( https://gerrit.osmocom.org/c/pysim/+/40467?usp=email ) Change subject: smdpp: Verify EID is within permitted range of EUM certificate ...................................................................... Patch Set 7: (1 comment) Commit Message: https://gerrit.osmocom.org/c/pysim/+/40467/comment/c3467e60_4c5a32ee?usp=em… : PS5, Line 7: smdpp: validate eid > This is quite a complex patch. […] Done -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40467?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ice704548cb62f14943927b5295007db13c807031 Gerrit-Change-Number: 40467 Gerrit-PatchSet: 7 Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: Hoernchen <ewild(a)sysmocom.de> Gerrit-Attention: dexter <pmaier(a)sysmocom.de> Gerrit-Comment-Date: Sat, 21 Jun 2025 13:18:51 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: dexter <pmaier(a)sysmocom.de>

2 months, 2 weeks

1
0
0 0

[M] Change in pysim[master]: smdpp: Verify EID is within permitted range of EUM certificate

by laforge

Attention is currently required from: Hoernchen, dexter, laforge. laforge has uploaded a new patch set (#7) to the change originally created by Hoernchen. ( https://gerrit.osmocom.org/c/pysim/+/40467?usp=email ) The following approvals got outdated and were removed: Code-Review+1 by laforge, Code-Review+2 by dexter The change is no longer submittable: Code-Review is unsatisfied now. Change subject: smdpp: Verify EID is within permitted range of EUM certificate ...................................................................... smdpp: Verify EID is within permitted range of EUM certificate Change-Id: Ice704548cb62f14943927b5295007db13c807031 --- M osmo-smdpp.py 1 file changed, 167 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/67/40467/7 -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40467?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ice704548cb62f14943927b5295007db13c807031 Gerrit-Change-Number: 40467 Gerrit-PatchSet: 7 Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: Hoernchen <ewild(a)sysmocom.de> Gerrit-Attention: laforge <laforge(a)osmocom.org> Gerrit-Attention: dexter <pmaier(a)sysmocom.de>

2 months, 2 weeks

1
0
0 0

[S] Change in pysim[master]: smdpp: verify request headers

by laforge

laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/40466?usp=email ) ( 5 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: smdpp: verify request headers ...................................................................... smdpp: verify request headers Change-Id: Ic1221bcb87a9975a013ab356266d3cb76d9241f1 --- M osmo-smdpp.py 1 file changed, 11 insertions(+), 2 deletions(-) Approvals: Jenkins Builder: Verified dexter: Looks good to me, approved laforge: Looks good to me, but someone else must approve diff --git a/osmo-smdpp.py b/osmo-smdpp.py index 9328b99..16c0386 100755 --- a/osmo-smdpp.py +++ b/osmo-smdpp.py @@ -54,6 +54,16 @@ request.setHeader('Content-Type', 'application/json;charset=UTF-8') request.setHeader('X-Admin-Protocol', 'gsma/rsp/v2.1.0') +def validate_request_headers(request: IRequest): + """Validate mandatory HTTP headers according to SGP.22.""" + content_type = request.getHeader('Content-Type') + if not content_type or not content_type.startswith('application/json'): + raise ApiError('1.2.1', '2.1', 'Invalid Content-Type header') + + admin_protocol = request.getHeader('X-Admin-Protocol') + if admin_protocol and not admin_protocol.startswith('gsma/rsp/v'): + raise ApiError('1.2.2', '2.1', 'Unsupported X-Admin-Protocol version') + def build_status_code(subject_code: str, reason_code: str, subject_id: Optional[str], message: Optional[str]) -> Dict: r = {'subjectCode': subject_code, 'reasonCode': reason_code } if subject_id: @@ -179,8 +189,7 @@ functionality, such as JSON decoding/encoding and debug-printing.""" @functools.wraps(func) def _api_wrapper(self, request: IRequest): - # TODO: evaluate User-Agent + X-Admin-Protocol header - # TODO: reject any non-JSON Content-type + validate_request_headers(request) content = json.loads(request.content.read()) print("Rx JSON: %s" % json.dumps(content)) -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40466?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ic1221bcb87a9975a013ab356266d3cb76d9241f1 Gerrit-Change-Number: 40466 Gerrit-PatchSet: 6 Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org>

2 months, 2 weeks

1
0
0 0

[S] Change in pysim[master]: smdpp: update certs

by laforge

laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/40465?usp=email ) ( 5 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: smdpp: update certs ...................................................................... smdpp: update certs TLS will expire again: $ find . -iname "CERT*NIST*der" | xargs -ti openssl x509 -in {} -inform DER -noout -checkend $((24*3600*90)) ... openssl x509 -in ./smdpp-data/generated/DPtls/CERT_S_SM_DP_TLS_NIST.der -inform DER -noout -checkend 7776000 Certificate will expire ... Grabbed from SGP.26_v1.5_Certificates_18_07_2024.zip available at https://www.gsma.com/solutions-and-impact/technologies/esim/gsma_resources/… Change-Id: I25442d6f55a385019bba1e47ad3d795120f850ad --- M smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.der M smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.der M smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.der M smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.der M smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der M smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.pem A smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP2_TLS.der A smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP4_TLS.der A smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP8_TLS.der A smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP_TLS_BRP.der A smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP_TLS_NIST.der 11 files changed, 5 insertions(+), 5 deletions(-) Approvals: Jenkins Builder: Verified laforge: Looks good to me, but someone else must approve dexter: Looks good to me, approved diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.der index be20b34..79ef55d 100644 --- a/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.der +++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.der Binary files differ diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.der index 07b4c85..eb1d606 100644 --- a/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.der +++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.der Binary files differ diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.der index 3b45b14..dec58b9 100644 --- a/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.der +++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.der Binary files differ diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.der index dc730f0..48f8422 100644 --- a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.der +++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.der Binary files differ diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der index 0cb9ba7..b819e77 100644 --- a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der +++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der Binary files differ diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.pem b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.pem index 4525642..c94d612 100644 --- a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.pem +++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIICgjCCAiigAwIBAgIBCjAKBggqhkjOPQQDAjBEMRAwDgYDVQQDDAdUZXN0IENJ +MIICgzCCAiigAwIBAgIBCTAKBggqhkjOPQQDAjBEMRAwDgYDVQQDDAdUZXN0IENJ MREwDwYDVQQLDAhURVNUQ0VSVDEQMA4GA1UECgwHUlNQVEVTVDELMAkGA1UEBhMC -SVQwHhcNMjUwNDIzMTUyMzA1WhcNMzUwNDIxMTUyMzA1WjAzMQ0wCwYDVQQKDARB +SVQwHhcNMjQwNzA5MTUyODMzWhcNMjUwODExMTUyODMzWjAzMQ0wCwYDVQQKDARB Q01FMSIwIAYDVQQDDBl0ZXN0c21kcHBsdXMxLmV4YW1wbGUuY29tMFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAEKCQwdc6O/R+uZ2g5QH2ybkzLQ3CUYhybOWEz8bJL tQG4/k6yTT4NOS8lP28blGJws8opLjTbb3qHs6X2rJRfCKOCARowggEWMA4GA1Ud @@ -10,7 +10,7 @@ qTAfBgNVHSMEGDAWgBT1QXK9+YqV1ly+uIo4ocEdgAqFwzApBgNVHREEIjAgghl0 ZXN0c21kcHBsdXMxLmV4YW1wbGUuY29tiAOINwowYQYDVR0fBFowWDAqoCigJoYk aHR0cDovL2NpLnRlc3QuZXhhbXBsZS5jb20vQ1JMLUEuY3JsMCqgKKAmhiRodHRw -Oi8vY2kudGVzdC5leGFtcGxlLmNvbS9DUkwtQi5jcmwwCgYIKoZIzj0EAwIDSAAw -RQIgYakBZP6y9/2iu9aZkgb89SQgfRb0TKVMGElWgtyoX2gCIQCT8o/TkAxhWCTY -yaBDMi1L9Ub+93ef5s+S+eHLmwuudA== +Oi8vY2kudGVzdC5leGFtcGxlLmNvbS9DUkwtQi5jcmwwCgYIKoZIzj0EAwIDSQAw +RgIhAL1qQ/cnrCZC7UnnLJ8WeK+0aWUJFWh1cOlBEzw0NlTVAiEA25Vf4WHzwmJi +zkARzxJ1qB0qfBofuJrtfPM4gNJ4Quw= -----END CERTIFICATE----- diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP2_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP2_TLS.der new file mode 100644 index 0000000..be20b34 --- /dev/null +++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP2_TLS.der Binary files differ diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP4_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP4_TLS.der new file mode 100644 index 0000000..07b4c85 --- /dev/null +++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP4_TLS.der Binary files differ diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP8_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP8_TLS.der new file mode 100644 index 0000000..3b45b14 --- /dev/null +++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP8_TLS.der Binary files differ diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP_TLS_BRP.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP_TLS_BRP.der new file mode 100644 index 0000000..dc730f0 --- /dev/null +++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP_TLS_BRP.der Binary files differ diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP_TLS_NIST.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP_TLS_NIST.der new file mode 100644 index 0000000..0cb9ba7 --- /dev/null +++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2024/CERT_S_SM_DP_TLS_NIST.der Binary files differ -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40465?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I25442d6f55a385019bba1e47ad3d795120f850ad Gerrit-Change-Number: 40465 Gerrit-PatchSet: 6 Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org>

2 months, 2 weeks

1
0
0 0

[M] Change in pysim[master]: smdpp: validate eid

by laforge

Attention is currently required from: Hoernchen. laforge has posted comments on this change by Hoernchen. ( https://gerrit.osmocom.org/c/pysim/+/40467?usp=email ) Change subject: smdpp: validate eid ...................................................................... Patch Set 5: (1 comment) File osmo-smdpp.py: https://gerrit.osmocom.org/c/pysim/+/40467/comment/534790f2_b8653c15?usp=em… : PS5, Line 133: print(f"Found GSMA permittedEins extension: {ext.oid}") > Interesting, never saw this print(f"... thing before. it's a regular python format-string, the actually more pythonic way of printing values than what we tend to do (percent operator) -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40467?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ice704548cb62f14943927b5295007db13c807031 Gerrit-Change-Number: 40467 Gerrit-PatchSet: 5 Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: Hoernchen <ewild(a)sysmocom.de> Gerrit-Comment-Date: Sat, 21 Jun 2025 12:20:44 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: dexter <pmaier(a)sysmocom.de>

2 months, 2 weeks

1
0
0 0

[M] Change in libosmo-sigtran[master]: asp: Tx DAUD when ASP becomes activated

by laforge

Attention is currently required from: pespin. laforge has posted comments on this change by pespin. ( https://gerrit.osmocom.org/c/libosmo-sigtran/+/40501?usp=email ) Change subject: asp: Tx DAUD when ASP becomes activated ...................................................................... Patch Set 2: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/libosmo-sigtran/+/40501?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: libosmo-sigtran Gerrit-Branch: master Gerrit-Change-Id: I7c8c5099d4d00ea6f4a8db59ed6b833fb0ffa43d Gerrit-Change-Number: 40501 Gerrit-PatchSet: 2 Gerrit-Owner: pespin <pespin(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: pespin <pespin(a)sysmocom.de> Gerrit-Comment-Date: Sat, 21 Jun 2025 12:11:41 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

2 months, 2 weeks

1
0
0 0

[M] Change in libosmo-sigtran[master]: Move sccp_address_book logic out of vty.c

by laforge

Attention is currently required from: pespin. laforge has posted comments on this change by pespin. ( https://gerrit.osmocom.org/c/libosmo-sigtran/+/40500?usp=email ) Change subject: Move sccp_address_book logic out of vty.c ...................................................................... Patch Set 1: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/libosmo-sigtran/+/40500?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: libosmo-sigtran Gerrit-Branch: master Gerrit-Change-Id: Ib37a2503b8cf0fadce9072020e0e14a2a05561bf Gerrit-Change-Number: 40500 Gerrit-PatchSet: 1 Gerrit-Owner: pespin <pespin(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: pespin <pespin(a)sysmocom.de> Gerrit-Comment-Date: Sat, 21 Jun 2025 12:10:42 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

2 months, 2 weeks

1
0
0 0

[XS] Change in libosmo-sigtran[master]: cosmetic: sua: Fix API documentation typo

by laforge

Attention is currently required from: pespin. laforge has posted comments on this change by pespin. ( https://gerrit.osmocom.org/c/libosmo-sigtran/+/40499?usp=email ) Change subject: cosmetic: sua: Fix API documentation typo ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/c/libosmo-sigtran/+/40499?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: libosmo-sigtran Gerrit-Branch: master Gerrit-Change-Id: I5aa42a3dfd5782425e23278f1b6a8ee8b9af2cac Gerrit-Change-Number: 40499 Gerrit-PatchSet: 1 Gerrit-Owner: pespin <pespin(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: pespin <pespin(a)sysmocom.de> Gerrit-Comment-Date: Sat, 21 Jun 2025 12:10:27 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

2 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

gerrit-log June 2025