Hello David,

 

the version output is indeed the compiled version, sorry for the mistake.

 

Check with the lsof command given earlier for the actually linked version.

 

Otherwise, you could compile a custom kamailio specifically with a local OpenSSL by adapting the library paths, I think.

 

But maybe its not needed, if you can confirm with the lsof command that its using the custom library already.

 

Cheers,

 

Henning

 

From: David Cunningham <dcunningham@voisonics.com>
Sent: Freitag, 23. August 2024 02:02
To: Henning Westerholt <hw@gilawa.com>
Cc: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] Re: Using a different OpenSSL

 

Hi Henning,

 

It's the same unfortunately, and reports the Ubuntu OpenSSL version rather than the OpenSSL version specified in the environment variables. For example:

 

# ls /opt/openssl/lib64/libssl.so
/opt/openssl/lib64/libssl.so

 

# env | egrep 'LD_PRELOAD|LD_LIBRARY'
LD_PRELOAD=libssl.so
LD_LIBRARY_PATH=/opt/openssl/lib64

 

# /sbin/kamailio -m 512 -M 8 -P /var/run/enswitch/kamailio.pid
loading modules under config path: /lib/kamailio/modules/:/lib64/kamailio/modules/
Listening on
             udp: xx.xx.xx.xx:5060

 

# grep 'OpenSSL version' /var/log/syslog | tail -n 1
Aug 22 16:53:50 caes8 /sbin/kamailio[769472]: INFO: tls [tls_mod.c:448]: mod_init(): use OpenSSL version: 30000020

 

But the OpenSSL in /opt/openssl/lib64 is version 3.0.9. BTW, it tried using libcrypto.so instead of libssl.so but it didn't work either.

 

Is it possible to pass a specific version of OpenSSL to Kamailio at compile time, or something like that?

 

Thanks again.

 

 

On Thu, 22 Aug 2024 at 00:49, Henning Westerholt <hw@gilawa.com> wrote:

Hello David,

 

does it work when you start the kamailio manually on the command line, not with systemd?

 

Cheers,

 

Henning

 

From: David Cunningham <dcunningham@voisonics.com>
Sent: Dienstag, 20. August 2024 02:32
To: Henning Westerholt <hw@gilawa.com>
Cc: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] Re: Using a different OpenSSL

 

Hi Henning,

 

I've tried that but with no difference. Even when the environment variables are set directly in the script which runs the Kamailio binary, it still logs the same OpenSSL version as the Ubuntu one, not the FIPS version that we compiled into /opt.

 

Would anyone have any suggestions on where to go from here?

 

Thank you very much!

 

 

On Fri, 16 Aug 2024 at 19:20, Henning Westerholt <hw@gilawa.com> wrote:

Hello David,

 

I have not tried it, but it might be the problem that you need to specify library name and library paths independently, e.g. refer to this discussion: https://stackoverflow.com/questions/72862714/systemd-ignores-ld-preload-variable-and-service-cant-start

 

Cheers,

 

Henning

 

--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com

 

From: David Cunningham via sr-users <sr-users@lists.kamailio.org>
Sent: Freitag, 16. August 2024 02:08
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: David Cunningham <dcunningham@voisonics.com>
Subject: [SR-Users] Re: Using a different OpenSSL

 

Hi Henning and Alex,

 

Thanks very much for the answers. I added the following line to /etc/systemd/system/kamailio.service, reloaded the systemd configuration, and restarted Kamailio. However the "OpenSSL version" logged by Kamailio is the same as before. I also tried using libcrypto.so instead of libssl.so with the same result. I was able to verify that the LD_PRELOAD environment variable was the correct value inside the startup script that's run by systemd. Have you any suggestions on what I could be doing wrong? Thanks again.

 

Environment="LD_PRELOAD=/opt/openssl/lib64/libssl.so"

 

 

On Thu, 1 Aug 2024 at 22:24, Alex Balashov via sr-users <sr-users@lists.kamailio.org> wrote:

Yes, you can use the LD_LIBRARY_PATH, and `ldd` to verify.

> On Aug 1, 2024, at 1:05AM, David Cunningham via sr-users <sr-users@lists.kamailio.org> wrote:
>
> Hello,
>
> We have compiled openssl 3.0.9 from source because it's FIPS validated, and want to use it with Kamailio. The server also has the Ubuntu openssl 3.0.2 package installed.
>
> Does anyone know how we can tell Kamailio to use the openssl library in /opt/openssl/lib64, and how we can verify that it really is using it?
>
> Thanking you in advance,
>
> --
> David Cunningham, Voisonics Limited
> http://voisonics.com/
> USA: +1 213 221 1092
> New Zealand: +64 (0)28 2558 3782
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-leave@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to the sender!
> Edit mailing list options or unsubscribe:

--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:



--

David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782



--

David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782



--

David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782