[OpenSIPS-Users] compile with openssl version

Tito Cumpen tito at xsvoce.com
Tue Jul 11 16:54:15 EDT 2017


I tried both suggestions. Finally I settled for editing the make file. Now
I am getting this error


Jul 11 20:50:59 cloud-server-06 opensips: DBG:core:load_module: loading
module /usr/lib64/opensips/modules/tls_mgm.so

Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:sr_load_module: could
not open module </usr/lib64/opensips/modules/tls_mgm.so>:
/usr/lib64/opensips/modules/tls_mgm.so: undefined symbol: GENERAL_NAME_free

Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:load_module: failed to
load module

Jul 11 20:50:59 cloud-server-06 opensips: CRITICAL:core:yyerror: parse
error in config file /etc/opensips/opensips.cfg, line 68, column 13-14:
failed to load module tls_mgm.so



Here is the edited make file

#

  2 # WARNING: do not run this directly, it should be run by the master
Makefile

  3

  4 include ../../Makefile.defs

  5 auto_gen=

  6 NAME=tls_mgm.so

  7

  8 ETC_DIR?=../../etc/

  9

 10 tls_configs=$(patsubst $(ETC_DIR)/%, %, $(wildcard $(ETC_DIR)/tls/*) \

 11                 $(wildcard $(ETC_DIR)/tls/rootCA/*) $(wildcard
$(ETC_DIR)/tls/rootCA/certs/*) \

 12                 $(wildcard $(ETC_DIR)/tls/rootCA/private/*) $(wildcard
$(ETC_DIR)/tls/user/*))

 13

 14

 15 ifeq ($(CROSS_COMPILE),)

 16 SSL_BUILDER=$(shell \

 17         if pkg-config --exists libssl; then \

 18                 echo 'pkg-config libssl'; \

 19         fi)

 20 endif

 21

 22 ifneq ($(SSL_BUILDER),)

 23         DEFS += $(shell $(SSL_BUILDER) --cflags)

 24           LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER)
—libs)

 25 else

 26         DEFS += -I$(LOCALBASE)/ssl/include \

 27                         -I$(LOCALBASE)/include

 28         LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER)
—libs)

 29 endif

 30

 31 include ../../Makefile.modules

 32

 33 install_module_custom:

 34         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls ; \

 35         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA ; \

 36         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/certs ; \

 37         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/private ; \

 38         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/user ; \

 39         for FILE in $(tls_configs) ; do \

 40                 if [ -f $(ETC_DIR)/$$FILE ]; then \

 41                         if [ "$(tls_overwrite_certs)" != "" -o \

 42                                          ! -f
$(cfg_prefix)/$(cfg_dir)/$$FILE ] ; then \

 43                                 $(INSTALL_TOUCH) $(ETC_DIR)/$$FILE \

 44                                         $(cfg_prefix)/$(cfg_dir)/$$FILE
; \

 45                                 $(INSTALL_CFG) $(ETC_DIR)/$$FILE \

 46                                         $(cfg_prefix)/$(cfg_dir)/$$FILE
; \

 47                         fi; \

 48                 fi ;\

 49         done ; \


On Tue, Jul 11, 2017 at 3:51 PM, Mundkowsky, Robert <rmundkowsky at ets.org>
wrote:

> Why hardcode it, just use LD_LIBRARY_PATH
>
>
>
>
>
> Robert
>
>
>
> *From:* Users [mailto:users-bounces at lists.opensips.org] *On Behalf Of *Liviu
> Chircu
> *Sent:* Tuesday, July 11, 2017 3:46 PM
> *To:* users at lists.opensips.org
> *Subject:* Re: [OpenSIPS-Users] compile with openssl version
>
>
>
> It looks like your distro's libssl still has priority over the custom one.
> To avoid both uninstalling libssl and forcing all apps to use the newest
> library, I suggest you compile a hardcoded search path into tls_mgm.so.
>
> Just make a small modification in modules/tls_mgm/Makefile, like in this
> example:
>
> LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)
>
> Compile the tls_mgm, and if all goes well, the linker should spot the
> custom libssl first:
>
> [liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
>     linux-vdso.so.1 =>  (0x00007ffff040d000)
>     libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0
> (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
>     libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
>     libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
> (0x00007fd9cd5dc000)
>     /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
>     libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd9cd3d8000)
>
> Another solution could be:
>
> echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig
>
> But note that this will "upgrade" the library for all apps in your system
> that require it.
>
> Liviu Chircu
>
> OpenSIPS Developer
>
> http://www.opensips-solutions.com <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.opensips-solutions.com&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=N2zZ6Uva4dTQhOf3L3ib4EaoZE1Z2nA8CBMhvLzzrw4%3D&reserved=0>
>
> On 11.07.2017 21:58, Tito Cumpen wrote:
>
> Group,
>
>
>
>
>
> I've updated openssl in order to use opensips 2.3 but I am having issues
> after compiling and running
>
>
>
>
>
>  openssl version -a
>
> OpenSSL 1.0.2k  26 Jan 2017
>
> built on: reproducible build, date unspecified
>
> platform: linux-x86_64
>
> options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int)
> blowfish(idx)
>
> compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT
> -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> -DECP_NISTZ256_ASM
>
> OPENSSLDIR: "/usr/local/ssl"
>
>
>
>
>
> but when I run opensips I get
>
>
>
>  ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
>
> Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]:
> ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
> (or other FIPS version of openssl, as this is known to be broken; if so,
> you need to upgrade or downgrade to a different openssl version!
>
> Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]:
> ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013
>
>
>
>
>
> How so I force opensips to use the newer version??
>
>
>
> Thanks,
>
> Tito
>
>
>
>
> _______________________________________________
>
> Users mailing list
>
> Users at lists.opensips.org
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.opensips.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fusers&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=roBC8y4Hz%2BDo0drmY09FiJ20K5cU4Dn4YJ4pJdgKy%2Fs%3D&reserved=0>
>
>
>
> ------------------------------
>
> This e-mail and any files transmitted with it may contain privileged or
> confidential information. It is solely for use by the individual for whom
> it is intended, even if addressed incorrectly. If you received this e-mail
> in error, please notify the sender; do not disclose, copy, distribute, or
> take any action in reliance on the contents of this information; and delete
> it from your system. Any other use of this e-mail is prohibited.
>
> Thank you for your compliance.
> ------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170711/0d74b356/attachment.html>


More information about the Users mailing list