Hi Henning,
It's the same unfortunately, and reports the Ubuntu OpenSSL version rather than the
OpenSSL version specified in the environment variables. For example:
# ls /opt/openssl/lib64/libssl.so
/opt/openssl/lib64/libssl.so
# env | egrep 'LD_PRELOAD|LD_LIBRARY'
LD_PRELOAD=libssl.so
LD_LIBRARY_PATH=/opt/openssl/lib64
# /sbin/kamailio -m 512 -M 8 -P /var/run/enswitch/kamailio.pid
loading modules under config path: /lib/kamailio/modules/:/lib64/kamailio/modules/
Listening on
udp: xx.xx.xx.xx:5060
# grep 'OpenSSL version' /var/log/syslog | tail -n 1
Aug 22 16:53:50 caes8 /sbin/kamailio[769472]: INFO: tls [tls_mod.c:448]: mod_init(): use
OpenSSL version: 30000020
But the OpenSSL in /opt/openssl/lib64 is version 3.0.9. BTW, it tried using libcrypto.so
instead of libssl.so but it didn't work either.
Is it possible to pass a specific version of OpenSSL to Kamailio at compile time, or
something like that?
Thanks again.
On Thu, 22 Aug 2024 at 00:49, Henning Westerholt <hw(a)gilawa.com> wrote:
Hello David,
does it work when you start the kamailio manually on the command line, not with systemd?
Cheers,
Henning
From: David Cunningham <dcunningham(a)voisonics.com>
Sent: Dienstag, 20. August 2024 02:32
To: Henning Westerholt <hw(a)gilawa.com>
Cc: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: Re: [SR-Users] Re: Using a different OpenSSL
Hi Henning,
I've tried that but with no difference. Even when the environment variables are set
directly in the script which runs the Kamailio binary, it still logs the same OpenSSL
version as the Ubuntu one, not the FIPS version that we compiled into /opt.
Would anyone have any suggestions on where to go from here?
Thank you very much!
On Fri, 16 Aug 2024 at 19:20, Henning Westerholt <hw(a)gilawa.com> wrote:
Hello David,
I have not tried it, but it might be the problem that you need to specify library name
and library paths independently, e.g. refer to this discussion:
https://stackoverflow.com/questions/72862714/systemd-ignores-ld-preload-var…
Cheers,
Henning
--
Henning Westerholt –
https://skalatan.de/blog/
Kamailio services –
https://gilawa.com
From: David Cunningham via sr-users <sr-users(a)lists.kamailio.org>
Sent: Freitag, 16. August 2024 02:08
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: David Cunningham <dcunningham(a)voisonics.com>
Subject: [SR-Users] Re: Using a different OpenSSL
Hi Henning and Alex,
Thanks very much for the answers. I added the following line to
/etc/systemd/system/kamailio.service, reloaded the systemd configuration, and restarted
Kamailio. However the "OpenSSL version" logged by Kamailio is the same as
before. I also tried using libcrypto.so instead of libssl.so with the same result. I was
able to verify that the LD_PRELOAD environment variable was the correct value inside the
startup script that's run by systemd. Have you any suggestions on what I could be
doing wrong? Thanks again.
Environment="LD_PRELOAD=/opt/openssl/lib64/libssl.so"
On Thu, 1 Aug 2024 at 22:24, Alex Balashov via sr-users
<sr-users(a)lists.kamailio.org> wrote:
Yes, you can use the LD_LIBRARY_PATH, and `ldd` to verify.
On Aug 1, 2024, at 1:05 AM, David Cunningham via
sr-users <sr-users(a)lists.kamailio.org> wrote:
Hello,
We have compiled openssl 3.0.9 from source because it's FIPS validated, and want to
use it with Kamailio. The server also has the Ubuntu openssl 3.0.2 package installed.
Does anyone know how we can tell Kamailio to use the openssl library in
/opt/openssl/lib64, and how we can verify that it really is using it?
Thanking you in advance,
--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web:
https://evaristesys.com
Tel: +1-706-510-6800
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe: