24 Jun
2016
24 Jun
'16
7:10 p.m.
Hi,
This is a similar question on a previous thread: "[SR-Users] Compiling kamailio with
custom openssl"
Is it possible to specify a different OpenSSL engine for kamailio to use?
For example:
On nginx you have the config param: ssl_engine <engine>
On apache you have the config param: SSLCryptoDevice <engine>
Is there anything similar on Kamailio?
We are using debian 8 with openssl-1.0.1t and these are the available engines:
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines# ls -l
total 404
-rw-r--r-- 1 root root 19512 Jun 21 11:07 lib4758cca.so
-rw-r--r-- 1 root root 19784 Jun 21 11:07 libaep.so
-rw-r--r-- 1 root root 15576 Jun 21 11:07 libatalla.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libcapi.so
-rw-r--r-- 1 root root 24232 Jun 21 11:07 libchil.so
-rw-r--r-- 1 root root 19864 Jun 21 11:07 libcswift.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libgmp.so
-rw-r--r-- 1 root root 93304 Jun 21 11:07 libgost.so
-rw-r--r-- 1 root root 15432 Jun 21 11:07 libnuron.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libpadlock.so
-rw-r--r-- 1 root root 24096 Jun 21 11:07 libsureware.so
-rw-r--r-- 1 root root 19784 Jun 21 11:07 libubsec.so
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines#
The reason is we have another server with a Cavium SSL card, which provides a dynamic
engine:
-rw-r--r-- 1 root root 127968 Jun 23 15:18 libcavium.so
If it is not possible via config parameter, is there a way to specify the openssl engine
to use before compiling?
Thanks in advance.
Best regards,
Joel.
25 Jun
25 Jun
4:23 a.m.
Hi,
Did you install openssl with shared libraries?
If you have pkg-config available, check the output of
pkg-config --libs openssl
pkg-config --libs libssl
Openssl.pc and libssl.pc should be pointed to your new openssl libraries. This is how it
worked for me. No changes required in kamailio.
Regards
Cibin
Regards
Cibin
On 24-Jun-2016, at 10:40 PM, Joel Serrano | VOZELIA
<joel(a)vozelia.com> wrote:
Hi,
This is a similar question on a previous thread: "[SR-Users] Compiling kamailio with
custom openssl"
Is it possible to specify a different OpenSSL engine for kamailio to use?
For example:
On nginx you have the config param: ssl_engine <engine>
On apache you have the config param: SSLCryptoDevice <engine>
Is there anything similar on Kamailio?
We are using debian 8 with openssl-1.0.1t and these are the available engines:
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines# ls -l
total 404
-rw-r--r-- 1 root root 19512 Jun 21 11:07 lib4758cca.so
-rw-r--r-- 1 root root 19784 Jun 21 11:07 libaep.so
-rw-r--r-- 1 root root 15576 Jun 21 11:07 libatalla.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libcapi.so
-rw-r--r-- 1 root root 24232 Jun 21 11:07 libchil.so
-rw-r--r-- 1 root root 19864 Jun 21 11:07 libcswift.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libgmp.so
-rw-r--r-- 1 root root 93304 Jun 21 11:07 libgost.so
-rw-r--r-- 1 root root 15432 Jun 21 11:07 libnuron.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libpadlock.so
-rw-r--r-- 1 root root 24096 Jun 21 11:07 libsureware.so
-rw-r--r-- 1 root root 19784 Jun 21 11:07 libubsec.so
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines#
The reason is we have another server with a Cavium SSL card, which provides a dynamic
engine:
-rw-r--r-- 1 root root 127968 Jun 23 15:18 libcavium.so
If it is not possible via config parameter, is there a way to specify the openssl engine
to use before compiling?
Thanks in advance.
Best regards,
Joel.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
7:06 a.m.
Hi Cibin,
The way it works is using the current openssl installation. Basically what you do is
compile an extra engine, this creates a libcavium.so, you copy this file to the openssl
engines directory and that allows you to specify it.
For example, with the regular debian openssl installation, I can now do:
openssl rsa .... -engine cavium
And it will you the cavium engine instead of the default one.
On some softwares you have a parameter that lets you specify what openssl engine to use.
If kamailio has it, it would be a config parameter, if it doesn't have it, I'd
like to know how to compile kamailio tls module and instructing it to user the
"cavium" engine (even If I have to hardcode it in the makefile or something).
I'm a little lost to be honest...
Thanks,
Joel.
----- Original Message -----
From: "Cibin Paul"
<paul_cibin(a)me.com>
To: "Kamailio (SER) - Users Mailing List"
<sr-users(a)lists.sip-router.org>
Sent: Friday, June 24, 2016 7:23:32 PM
Subject: Re: [SR-Users] Specify alternative OpenSSL engine for Kamailio
Hi,
Did you install openssl with shared libraries?
If you have pkg-config available, check the output of
pkg-config --libs openssl
pkg-config --libs libssl
Openssl.pc and libssl.pc should be pointed to your new openssl libraries. This
is how it worked for me. No changes required in kamailio.
Regards
Cibin
Regards
Cibin
On 24-Jun-2016, at 10:40 PM, Joel Serrano |
VOZELIA <joel(a)vozelia.com> wrote:
Hi,
This is a similar question on a previous thread: "[SR-Users] Compiling kamailio
with custom openssl"
Is it possible to specify a different OpenSSL engine for kamailio to use?
For example:
On nginx you have the config param: ssl_engine <engine>
On apache you have the config param: SSLCryptoDevice <engine>
Is there anything similar on Kamailio?
We are using debian 8 with openssl-1.0.1t and these are the available engines:
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines# ls -l
total 404
-rw-r--r-- 1 root root 19512 Jun 21 11:07 lib4758cca.so
-rw-r--r-- 1 root root 19784 Jun 21 11:07 libaep.so
-rw-r--r-- 1 root root 15576 Jun 21 11:07 libatalla.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libcapi.so
-rw-r--r-- 1 root root 24232 Jun 21 11:07 libchil.so
-rw-r--r-- 1 root root 19864 Jun 21 11:07 libcswift.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libgmp.so
-rw-r--r-- 1 root root 93304 Jun 21 11:07 libgost.so
-rw-r--r-- 1 root root 15432 Jun 21 11:07 libnuron.so
-rw-r--r-- 1 root root 6104 Jun 21 11:07 libpadlock.so
-rw-r--r-- 1 root root 24096 Jun 21 11:07 libsureware.so
-rw-r--r-- 1 root root 19784 Jun 21 11:07 libubsec.so
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines#
The reason is we have another server with a Cavium SSL card, which provides a
dynamic engine:
-rw-r--r-- 1 root root 127968 Jun 23 15:18 libcavium.so
If it is not possible via config parameter, is there a way to specify the
openssl engine to use before compiling?
Thanks in advance.
Best regards,
Joel.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
3079
days inactive
3080
days old
2 comments
2 participants
participants (2)
-
Cibin Paul -
Joel Serrano | VOZELIA