[OpenSIPS-Users] compile with openssl version
Liviu Chircu
liviu at opensips.org
Tue Jul 11 17:34:44 EDT 2017
That's a libcrypto symbol - make sure that one is also compiled and
installed under /usr/local/ssl/lib
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 11.07.2017 23:54, Tito Cumpen wrote:
> I tried both suggestions. Finally I settled for editing the make file.
> Now I am getting this error
>
>
> Jul 11 20:50:59 cloud-server-06 opensips: DBG:core:load_module:
> loading module /usr/lib64/opensips/modules/tls_mgm.so
>
> Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:sr_load_module:
> could not open module </usr/lib64/opensips/modules/tls_mgm.so>:
> /usr/lib64/opensips/modules/tls_mgm.so: undefined symbol:
> GENERAL_NAME_free
>
> Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:load_module:
> failed to load module
>
> Jul 11 20:50:59 cloud-server-06 opensips: CRITICAL:core:yyerror: parse
> error in config file /etc/opensips/opensips.cfg, line 68, column
> 13-14: failed to load module tls_mgm.so
>
>
>
> Here is the edited make file
>
> #
>
> 2 # WARNING: do not run this directly, it should be run by the
> master Makefile
>
> 3
>
> 4 include ../../Makefile.defs
>
> 5 auto_gen=
>
> 6 NAME=tls_mgm.so
>
> 7
>
> 8 ETC_DIR?=../../etc/
>
> 9
>
> 10 tls_configs=$(patsubst $(ETC_DIR)/%, %, $(wildcard $(ETC_DIR)/tls/*) \
>
> 11 $(wildcard $(ETC_DIR)/tls/rootCA/*) $(wildcard
> $(ETC_DIR)/tls/rootCA/certs/*) \
>
> 12 $(wildcard $(ETC_DIR)/tls/rootCA/private/*)
> $(wildcard $(ETC_DIR)/tls/user/*))
>
> 13
>
> 14
>
> 15 ifeq ($(CROSS_COMPILE),)
>
> 16 SSL_BUILDER=$(shell \
>
> 17 if pkg-config --exists libssl; then \
>
> 18 echo 'pkg-config libssl'; \
>
> 19 fi)
>
> 20 endif
>
> 21
>
> 22 ifneq ($(SSL_BUILDER),)
>
> 23 DEFS += $(shell $(SSL_BUILDER) --cflags)
>
> 24 LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell
> $(SSL_BUILDER) —libs)
>
> 25 else
>
> 26 DEFS += -I$(LOCALBASE)/ssl/include \
>
> 27 -I$(LOCALBASE)/include
>
> 28 LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell
> $(SSL_BUILDER) —libs)
>
> 29 endif
>
> 30
>
> 31 include ../../Makefile.modules
>
> 32
>
> 33 install_module_custom:
>
> 34 mkdir -p $(cfg_prefix)/$(cfg_dir)/tls ; \
>
> 35 mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA ; \
>
> 36 mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/certs ; \
>
> 37 mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/private ; \
>
> 38 mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/user ; \
>
> 39 for FILE in $(tls_configs) ; do \
>
> 40 if [ -f $(ETC_DIR)/$$FILE ]; then \
>
> 41 if [ "$(tls_overwrite_certs)" != "" -o \
>
> 42 ! -f $(cfg_prefix)/$(cfg_dir)/$$FILE ] ; then \
>
> 43 $(INSTALL_TOUCH) $(ETC_DIR)/$$FILE \
>
> 44 $(cfg_prefix)/$(cfg_dir)/$$FILE ; \
>
> 45 $(INSTALL_CFG) $(ETC_DIR)/$$FILE \
>
> 46 $(cfg_prefix)/$(cfg_dir)/$$FILE ; \
>
> 47 fi; \
>
> 48 fi ;\
>
> 49 done ; \
>
>
>
> On Tue, Jul 11, 2017 at 3:51 PM, Mundkowsky, Robert
> <rmundkowsky at ets.org <mailto:rmundkowsky at ets.org>> wrote:
>
> Why hardcode it, just use LD_LIBRARY_PATH
>
> Robert
>
> *From:*Users [mailto:users-bounces at lists.opensips.org
> <mailto:users-bounces at lists.opensips.org>] *On Behalf Of *Liviu Chircu
> *Sent:* Tuesday, July 11, 2017 3:46 PM
> *To:* users at lists.opensips.org <mailto:users at lists.opensips.org>
> *Subject:* Re: [OpenSIPS-Users] compile with openssl version
>
> It looks like your distro's libssl still has priority over the
> custom one. To avoid both uninstalling libssl and forcing all apps
> to use the newest library, I suggest you compile a hardcoded
> search path into tls_mgm.so.
>
> Just make a small modification in modules/tls_mgm/Makefile, like
> in this example:
>
> LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)
>
> Compile the tls_mgm, and if all goes well, the linker should spot
> the custom libssl first:
>
> [liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
> linux-vdso.so.1 => (0x00007ffff040d000)
> libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0
> (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
> libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
> (0x00007fd9cd5dc000)
> /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2
> (0x00007fd9cd3d8000)
>
> Another solution could be:
>
> echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig
>
> But note that this will "upgrade" the library for all apps in your
> system that require it.
>
> Liviu Chircu
>
> OpenSIPS Developer
>
> http://www.opensips-solutions.com
> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.opensips-solutions.com&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=N2zZ6Uva4dTQhOf3L3ib4EaoZE1Z2nA8CBMhvLzzrw4%3D&reserved=0>
>
> On 11.07.2017 21:58, Tito Cumpen wrote:
>
> Group,
>
> I've updated openssl in order to use opensips 2.3 but I am
> having issues after compiling and running
>
> openssl version -a
>
> OpenSSL 1.0.2k 26 Jan 2017
>
> built on: reproducible build, date unspecified
>
> platform: linux-x86_64
>
> options: bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int)
> blowfish(idx)
>
> compiler: gcc -I. -I.. -I../include -DOPENSSL_THREADS
> -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64
> -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
> -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM
> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
> -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> -DECP_NISTZ256_ASM
>
> OPENSSLDIR: "/usr/local/ssl"
>
> but when I run opensips I get
>
> ERROR:tls_mgm:mod_init: unable to set the memory allocation
> functions
>
> Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]:
> ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl
> 1.0.1e-fips, (or other FIPS version of openssl, as this is
> known to be broken; if so, you need to upgrade or downgrade to
> a different openssl version!
>
> Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]:
> ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips
> 11 Feb 2013
>
> How so I force opensips to use the newer version??
>
> Thanks,
>
> Tito
>
>
>
>
> _______________________________________________
>
> Users mailing list
>
> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.opensips.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fusers&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=roBC8y4Hz%2BDo0drmY09FiJ20K5cU4Dn4YJ4pJdgKy%2Fs%3D&reserved=0>
>
>
> ------------------------------------------------------------------------
>
> This e-mail and any files transmitted with it may contain
> privileged or confidential information. It is solely for use by
> the individual for whom it is intended, even if addressed
> incorrectly. If you received this e-mail in error, please notify
> the sender; do not disclose, copy, distribute, or take any action
> in reliance on the contents of this information; and delete it
> from your system. Any other use of this e-mail is prohibited.
>
>
> Thank you for your compliance.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170712/01c7ccb5/attachment-0001.html>
More information about the Users
mailing list