[OpenSIPS-Users] compile with openssl version

Mundkowsky, Robert rmundkowsky at ets.org
Tue Jul 11 15:51:06 EDT 2017 

Why hardcode it, just use LD_LIBRARY_PATH


Robert

From: Users [mailto:users-bounces at lists.opensips.org] On Behalf Of Liviu Chircu
Sent: Tuesday, July 11, 2017 3:46 PM
To: users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] compile with openssl version


It looks like your distro's libssl still has priority over the custom one. To avoid both uninstalling libssl and forcing all apps to use the newest library, I suggest you compile a hardcoded search path into tls_mgm.so.

Just make a small modification in modules/tls_mgm/Makefile, like in this example:

LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)

Compile the tls_mgm, and if all goes well, the linker should spot the custom libssl first:

[liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
    linux-vdso.so.1 =>  (0x00007ffff040d000)
    libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0 (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd9cd5dc000)
    /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd9cd3d8000)

Another solution could be:

echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig

But note that this will "upgrade" the library for all apps in your system that require it.

Liviu Chircu

OpenSIPS Developer

http://www.opensips-solutions.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.opensips-solutions.com&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=N2zZ6Uva4dTQhOf3L3ib4EaoZE1Z2nA8CBMhvLzzrw4%3D&reserved=0>
On 11.07.2017 21:58, Tito Cumpen wrote:
Group,


I've updated openssl in order to use opensips 2.3 but I am having issues after compiling and running


 openssl version -a
OpenSSL 1.0.2k  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/ssl"


but when I run opensips I get

 ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or other FIPS version of openssl, as this is known to be broken; if so, you need to upgrade or downgrade to a different openssl version!
Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013


How so I force opensips to use the newer version??

Thanks,
Tito




_______________________________________________

Users mailing list

Users at lists.opensips.org<mailto:Users at lists.opensips.org>

http://lists.opensips.org/cgi-bin/mailman/listinfo/users<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.opensips.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fusers&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=roBC8y4Hz%2BDo0drmY09FiJ20K5cU4Dn4YJ4pJdgKy%2Fs%3D&reserved=0>


________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170711/296ef644/attachment-0001.html>

More information about the Users mailing list