Hello David, that log message shows compiled in OpenSSL version number [1]. Check mapped library file e.g. via sudo lsof -p $(pgrep -P1 kamailio) | grep libssl
Regards, Bastian [1] https://github.com/kamailio/kamailio/blob/master/src/modules/tls/tls_mod.c#L493 On Fri, Aug 23, 2024 at 2:47 AM David Cunningham via sr-users <[email protected]> wrote: > > Hi Henning, > > It's the same unfortunately, and reports the Ubuntu OpenSSL version rather > than the OpenSSL version specified in the environment variables. For example: > > # ls /opt/openssl/lib64/libssl.so > /opt/openssl/lib64/libssl.so > > # env | egrep 'LD_PRELOAD|LD_LIBRARY' > LD_PRELOAD=libssl.so > LD_LIBRARY_PATH=/opt/openssl/lib64 > > # /sbin/kamailio -m 512 -M 8 -P /var/run/enswitch/kamailio.pid > loading modules under config path: > /lib/kamailio/modules/:/lib64/kamailio/modules/ > Listening on > udp: xx.xx.xx.xx:5060 > > # grep 'OpenSSL version' /var/log/syslog | tail -n 1 > Aug 22 16:53:50 caes8 /sbin/kamailio[769472]: INFO: tls [tls_mod.c:448]: > mod_init(): use OpenSSL version: 30000020 > > But the OpenSSL in /opt/openssl/lib64 is version 3.0.9. BTW, it tried using > libcrypto.so instead of libssl.so but it didn't work either. > > Is it possible to pass a specific version of OpenSSL to Kamailio at compile > time, or something like that? > > Thanks again. > > > On Thu, 22 Aug 2024 at 00:49, Henning Westerholt <[email protected]> wrote: >> >> Hello David, >> >> >> >> does it work when you start the kamailio manually on the command line, not >> with systemd? >> >> >> >> Cheers, >> >> >> >> Henning >> >> >> >> From: David Cunningham <[email protected]> >> Sent: Dienstag, 20. August 2024 02:32 >> To: Henning Westerholt <[email protected]> >> Cc: Kamailio (SER) - Users Mailing List <[email protected]> >> Subject: Re: [SR-Users] Re: Using a different OpenSSL >> >> >> >> Hi Henning, >> >> >> >> I've tried that but with no difference. Even when the environment variables >> are set directly in the script which runs the Kamailio binary, it still logs >> the same OpenSSL version as the Ubuntu one, not the FIPS version that we >> compiled into /opt. >> >> >> >> Would anyone have any suggestions on where to go from here? >> >> >> >> Thank you very much! >> >> >> >> >> >> On Fri, 16 Aug 2024 at 19:20, Henning Westerholt <[email protected]> wrote: >> >> Hello David, >> >> >> >> I have not tried it, but it might be the problem that you need to specify >> library name and library paths independently, e.g. refer to this discussion: >> https://stackoverflow.com/questions/72862714/systemd-ignores-ld-preload-variable-and-service-cant-start >> >> >> >> Cheers, >> >> >> >> Henning >> >> >> >> -- >> >> Henning Westerholt – https://skalatan.de/blog/ >> >> Kamailio services – https://gilawa.com >> >> >> >> From: David Cunningham via sr-users <[email protected]> >> Sent: Freitag, 16. August 2024 02:08 >> To: Kamailio (SER) - Users Mailing List <[email protected]> >> Cc: David Cunningham <[email protected]> >> Subject: [SR-Users] Re: Using a different OpenSSL >> >> >> >> Hi Henning and Alex, >> >> >> >> Thanks very much for the answers. I added the following line to >> /etc/systemd/system/kamailio.service, reloaded the systemd configuration, >> and restarted Kamailio. However the "OpenSSL version" logged by Kamailio is >> the same as before. I also tried using libcrypto.so instead of libssl.so >> with the same result. I was able to verify that the LD_PRELOAD environment >> variable was the correct value inside the startup script that's run by >> systemd. Have you any suggestions on what I could be doing wrong? Thanks >> again. >> >> >> >> Environment="LD_PRELOAD=/opt/openssl/lib64/libssl.so" >> >> >> >> >> >> On Thu, 1 Aug 2024 at 22:24, Alex Balashov via sr-users >> <[email protected]> wrote: >> >> Yes, you can use the LD_LIBRARY_PATH, and `ldd` to verify. >> >> > On Aug 1, 2024, at 1:05 AM, David Cunningham via sr-users >> > <[email protected]> wrote: >> > >> > Hello, >> > >> > We have compiled openssl 3.0.9 from source because it's FIPS validated, >> > and want to use it with Kamailio. The server also has the Ubuntu openssl >> > 3.0.2 package installed. >> > >> > Does anyone know how we can tell Kamailio to use the openssl library in >> > /opt/openssl/lib64, and how we can verify that it really is using it? >> > >> > Thanking you in advance, >> > >> > -- >> > David Cunningham, Voisonics Limited >> > http://voisonics.com/ >> > USA: +1 213 221 1092 >> > New Zealand: +64 (0)28 2558 3782 >> > __________________________________________________________ >> > Kamailio - Users Mailing List - Non Commercial Discussions >> > To unsubscribe send an email to [email protected] >> > Important: keep the mailing list in the recipients, do not reply only to >> > the sender! >> > Edit mailing list options or unsubscribe: >> >> -- >> Alex Balashov >> Principal Consultant >> Evariste Systems LLC >> Web: https://evaristesys.com >> Tel: +1-706-510-6800 >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> To unsubscribe send an email to [email protected] >> Important: keep the mailing list in the recipients, do not reply only to the >> sender! >> Edit mailing list options or unsubscribe: >> >> >> >> -- >> >> David Cunningham, Voisonics Limited >> http://voisonics.com/ >> USA: +1 213 221 1092 >> New Zealand: +64 (0)28 2558 3782 >> >> >> >> -- >> >> David Cunningham, Voisonics Limited >> http://voisonics.com/ >> USA: +1 213 221 1092 >> New Zealand: +64 (0)28 2558 3782 > > > > -- > David Cunningham, Voisonics Limited > http://voisonics.com/ > USA: +1 213 221 1092 > New Zealand: +64 (0)28 2558 3782 > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to [email protected] > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
