Hi Henning,
It's the same unfortunately, and reports the Ubuntu OpenSSL version rather
than the OpenSSL version specified in the environment variables. For
example:
# ls /opt/openssl/lib64/libssl.so
/opt/openssl/lib64/libssl.so
# env | egrep 'LD_PRELOAD|LD_LIBRARY'
LD_PRELOAD=libssl.so
LD_LIBRARY_PATH=/opt/openssl/lib64
# /sbin/kamailio -m 512 -M 8 -P /var/run/enswitch/kamailio.pid
loading modules under config path:
/lib/kamailio/modules/:/lib64/kamailio/modules/
Listening on
udp: xx.xx.xx.xx:5060
# grep 'OpenSSL version' /var/log/syslog | tail -n 1
Aug 22 16:53:50 caes8 /sbin/kamailio[769472]: INFO: tls [tls_mod.c:448]:
mod_init(): use OpenSSL version: 30000020
But the OpenSSL in /opt/openssl/lib64 is version 3.0.9. BTW, it tried using
libcrypto.so instead of libssl.so but it didn't work either.
Is it possible to pass a specific version of OpenSSL to Kamailio at compile
time, or something like that?
Thanks again.
On Thu, 22 Aug 2024 at 00:49, Henning Westerholt <[email protected]> wrote:
> Hello David,
>
>
>
> does it work when you start the kamailio manually on the command line, not
> with systemd?
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> *From:* David Cunningham <[email protected]>
> *Sent:* Dienstag, 20. August 2024 02:32
> *To:* Henning Westerholt <[email protected]>
> *Cc:* Kamailio (SER) - Users Mailing List <[email protected]>
> *Subject:* Re: [SR-Users] Re: Using a different OpenSSL
>
>
>
> Hi Henning,
>
>
>
> I've tried that but with no difference. Even when the environment
> variables are set directly in the script which runs the Kamailio binary, it
> still logs the same OpenSSL version as the Ubuntu one, not the FIPS version
> that we compiled into /opt.
>
>
>
> Would anyone have any suggestions on where to go from here?
>
>
>
> Thank you very much!
>
>
>
>
>
> On Fri, 16 Aug 2024 at 19:20, Henning Westerholt <[email protected]> wrote:
>
> Hello David,
>
>
>
> I have not tried it, but it might be the problem that you need to specify
> library name and library paths independently, e.g. refer to this
> discussion:
> https://stackoverflow.com/questions/72862714/systemd-ignores-ld-preload-variable-and-service-cant-start
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* David Cunningham via sr-users <[email protected]>
> *Sent:* Freitag, 16. August 2024 02:08
> *To:* Kamailio (SER) - Users Mailing List <[email protected]>
> *Cc:* David Cunningham <[email protected]>
> *Subject:* [SR-Users] Re: Using a different OpenSSL
>
>
>
> Hi Henning and Alex,
>
>
>
> Thanks very much for the answers. I added the following line to
> /etc/systemd/system/kamailio.service, reloaded the systemd configuration,
> and restarted Kamailio. However the "OpenSSL version" logged by Kamailio is
> the same as before. I also tried using libcrypto.so instead of libssl.so
> with the same result. I was able to verify that the LD_PRELOAD environment
> variable was the correct value inside the startup script that's run by
> systemd. Have you any suggestions on what I could be doing wrong? Thanks
> again.
>
>
>
> Environment="LD_PRELOAD=/opt/openssl/lib64/libssl.so"
>
>
>
>
>
> On Thu, 1 Aug 2024 at 22:24, Alex Balashov via sr-users <
> [email protected]> wrote:
>
> Yes, you can use the LD_LIBRARY_PATH, and `ldd` to verify.
>
> > On Aug 1, 2024, at 1:05 AM, David Cunningham via sr-users <
> [email protected]> wrote:
> >
> > Hello,
> >
> > We have compiled openssl 3.0.9 from source because it's FIPS validated,
> and want to use it with Kamailio. The server also has the Ubuntu openssl
> 3.0.2 package installed.
> >
> > Does anyone know how we can tell Kamailio to use the openssl library in
> /opt/openssl/lib64, and how we can verify that it really is using it?
> >
> > Thanking you in advance,
> >
> > --
> > David Cunningham, Voisonics Limited
> > http://voisonics.com/
> > USA: +1 213 221 1092
> > New Zealand: +64 (0)28 2558 3782
> > __________________________________________________________
> > Kamailio - Users Mailing List - Non Commercial Discussions
> > To unsubscribe send an email to [email protected]
> > Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> > Edit mailing list options or unsubscribe:
>
> --
> Alex Balashov
> Principal Consultant
> Evariste Systems LLC
> Web: https://evaristesys.com
> Tel: +1-706-510-6800
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to [email protected]
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>
>
>
> --
>
> David Cunningham, Voisonics Limited
> http://voisonics.com/
> USA: +1 213 221 1092
> New Zealand: +64 (0)28 2558 3782
>
>
>
> --
>
> David Cunningham, Voisonics Limited
> http://voisonics.com/
> USA: +1 213 221 1092
> New Zealand: +64 (0)28 2558 3782
>
--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
