[OpenSIPS-Users] compile with openssl version

Tito Cumpen tito at xsvoce.com
Tue Jul 11 17:38:44 EDT 2017 

Liviu,


it is check out the following

ls -al /usr/local/ssl/lib/

total 5780

drwxr-xr-x 4 root root    4096 Jul 11 18:22 .

drwxr-xr-x 9 root root    4096 Jul 11 18:22 ..

drwxr-xr-x 2 root root    4096 Apr 24 21:35 engines

-rw-r--r-- 1 root root 5122378 Jul 11 18:22 libcrypto.a

-rw-r--r-- 1 root root  776104 Jul 11 18:22 libssl.a

drwxr-xr-x 2 root root    4096 Apr 24 21:35 pkgconfig



is there an extra module I need to enable when compiling openssl?





On Tue, Jul 11, 2017 at 5:34 PM, Liviu Chircu <liviu at opensips.org> wrote:

> That's a libcrypto symbol - make sure that one is also compiled and
> installed under /usr/local/ssl/lib
>
> Liviu Chircu
> OpenSIPS Developerhttp://www.opensips-solutions.com
>
> On 11.07.2017 23:54, Tito Cumpen wrote:
>
> I tried both suggestions. Finally I settled for editing the make file. Now
> I am getting this error
>
>
> Jul 11 20:50:59 cloud-server-06 opensips: DBG:core:load_module: loading
> module /usr/lib64/opensips/modules/tls_mgm.so
>
> Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:sr_load_module: could
> not open module </usr/lib64/opensips/modules/tls_mgm.so>:
> /usr/lib64/opensips/modules/tls_mgm.so: undefined symbol:
> GENERAL_NAME_free
>
> Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:load_module: failed
> to load module
>
> Jul 11 20:50:59 cloud-server-06 opensips: CRITICAL:core:yyerror: parse
> error in config file /etc/opensips/opensips.cfg, line 68, column 13-14:
> failed to load module tls_mgm.so
>
>
>
> Here is the edited make file
>
> #
>
>   2 # WARNING: do not run this directly, it should be run by the master
> Makefile
>
>   3
>
>   4 include ../../Makefile.defs
>
>   5 auto_gen=
>
>   6 NAME=tls_mgm.so
>
>   7
>
>   8 ETC_DIR?=../../etc/
>
>   9
>
>  10 tls_configs=$(patsubst $(ETC_DIR)/%, %, $(wildcard $(ETC_DIR)/tls/*) \
>
>  11                 $(wildcard $(ETC_DIR)/tls/rootCA/*) $(wildcard
> $(ETC_DIR)/tls/rootCA/certs/*) \
>
>  12                 $(wildcard $(ETC_DIR)/tls/rootCA/private/*)
> $(wildcard $(ETC_DIR)/tls/user/*))
>
>  13
>
>  14
>
>  15 ifeq ($(CROSS_COMPILE),)
>
>  16 SSL_BUILDER=$(shell \
>
>  17         if pkg-config --exists libssl; then \
>
>  18                 echo 'pkg-config libssl'; \
>
>  19         fi)
>
>  20 endif
>
>  21
>
>  22 ifneq ($(SSL_BUILDER),)
>
>  23         DEFS += $(shell $(SSL_BUILDER) --cflags)
>
>  24           LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell
> $(SSL_BUILDER) —libs)
>
>  25 else
>
>  26         DEFS += -I$(LOCALBASE)/ssl/include \
>
>  27                         -I$(LOCALBASE)/include
>
>  28         LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER)
> —libs)
>
>  29 endif
>
>  30
>
>  31 include ../../Makefile.modules
>
>  32
>
>  33 install_module_custom:
>
>  34         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls ; \
>
>  35         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA ; \
>
>  36         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/certs ; \
>
>  37         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/private ; \
>
>  38         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/user ; \
>
>  39         for FILE in $(tls_configs) ; do \
>
>  40                 if [ -f $(ETC_DIR)/$$FILE ]; then \
>
>  41                         if [ "$(tls_overwrite_certs)" != "" -o \
>
>  42                                          ! -f
> $(cfg_prefix)/$(cfg_dir)/$$FILE ] ; then \
>
>  43                                 $(INSTALL_TOUCH) $(ETC_DIR)/$$FILE \
>
>  44                                         $(cfg_prefix)/$(cfg_dir)/$$FILE
> ; \
>
>  45                                 $(INSTALL_CFG) $(ETC_DIR)/$$FILE \
>
>  46                                         $(cfg_prefix)/$(cfg_dir)/$$FILE
> ; \
>
>  47                         fi; \
>
>  48                 fi ;\
>
>  49         done ; \
>
>
> On Tue, Jul 11, 2017 at 3:51 PM, Mundkowsky, Robert <rmundkowsky at ets.org>
> wrote:
>
>> Why hardcode it, just use LD_LIBRARY_PATH
>>
>>
>>
>>
>>
>> Robert
>>
>>
>>
>> *From:* Users [mailto:users-bounces at lists.opensips.org] *On Behalf Of *Liviu
>> Chircu
>> *Sent:* Tuesday, July 11, 2017 3:46 PM
>> *To:* users at lists.opensips.org
>> *Subject:* Re: [OpenSIPS-Users] compile with openssl version
>>
>>
>>
>> It looks like your distro's libssl still has priority over the custom
>> one. To avoid both uninstalling libssl and forcing all apps to use the
>> newest library, I suggest you compile a hardcoded search path into
>> tls_mgm.so.
>>
>> Just make a small modification in modules/tls_mgm/Makefile, like in this
>> example:
>>
>> LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)
>>
>> Compile the tls_mgm, and if all goes well, the linker should spot the
>> custom libssl first:
>>
>> [liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
>>     linux-vdso.so.1 =>  (0x00007ffff040d000)
>>     libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0
>> (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
>>     libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
>>     libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
>> (0x00007fd9cd5dc000)
>>     /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
>>     libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd9cd3d8000)
>>
>> Another solution could be:
>>
>> echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig
>>
>> But note that this will "upgrade" the library for all apps in your system
>> that require it.
>>
>> Liviu Chircu
>>
>> OpenSIPS Developer
>>
>> http://www.opensips-solutions.com <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.opensips-solutions.com&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=N2zZ6Uva4dTQhOf3L3ib4EaoZE1Z2nA8CBMhvLzzrw4%3D&reserved=0>
>>
>> On 11.07.2017 21:58, Tito Cumpen wrote:
>>
>> Group,
>>
>>
>>
>>
>>
>> I've updated openssl in order to use opensips 2.3 but I am having issues
>> after compiling and running
>>
>>
>>
>>
>>
>>  openssl version -a
>>
>> OpenSSL 1.0.2k  26 Jan 2017
>>
>> built on: reproducible build, date unspecified
>>
>> platform: linux-x86_64
>>
>> options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int)
>> blowfish(idx)
>>
>> compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT
>> -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall
>> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
>> -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
>> -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
>> -DECP_NISTZ256_ASM
>>
>> OPENSSLDIR: "/usr/local/ssl"
>>
>>
>>
>>
>>
>> but when I run opensips I get
>>
>>
>>
>>  ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
>>
>> Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]:
>> ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
>> (or other FIPS version of openssl, as this is known to be broken; if so,
>> you need to upgrade or downgrade to a different openssl version!
>>
>> Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]:
>> ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013
>>
>>
>>
>>
>>
>> How so I force opensips to use the newer version??
>>
>>
>>
>> Thanks,
>>
>> Tito
>>
>>
>>
>>
>> _______________________________________________
>>
>> Users mailing list
>>
>> Users at lists.opensips.org
>>
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.opensips.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fusers&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=roBC8y4Hz%2BDo0drmY09FiJ20K5cU4Dn4YJ4pJdgKy%2Fs%3D&reserved=0>
>>
>>
>>
>> ------------------------------
>>
>> This e-mail and any files transmitted with it may contain privileged or
>> confidential information. It is solely for use by the individual for whom
>> it is intended, even if addressed incorrectly. If you received this e-mail
>> in error, please notify the sender; do not disclose, copy, distribute, or
>> take any action in reliance on the contents of this information; and delete
>> it from your system. Any other use of this e-mail is prohibited.
>>
>> Thank you for your compliance.
>> ------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170711/7473a451/attachment-0001.html>

More information about the Users mailing list