<div dir="ltr">Liviu,<div><br></div><div><br></div><div>it is check out the following </div><div><br></div><div>
<p class="gmail-p1"><span class="gmail-s1">ls -al /usr/local/ssl/lib/</span></p>
<p class="gmail-p1"><span class="gmail-s1">total 5780</span></p>
<p class="gmail-p1"><span class="gmail-s1">drwxr-xr-x 4 root root<span class="gmail-Apple-converted-space"> </span>4096 Jul 11 18:22 </span><span class="gmail-s2">.</span></p>
<p class="gmail-p1"><span class="gmail-s1">drwxr-xr-x 9 root root<span class="gmail-Apple-converted-space"> </span>4096 Jul 11 18:22 </span><span class="gmail-s2">..</span></p>
<p class="gmail-p1"><span class="gmail-s1">drwxr-xr-x 2 root root<span class="gmail-Apple-converted-space"> </span>4096 Apr 24 21:35 </span><span class="gmail-s2">engines</span></p>
<p class="gmail-p1"><span class="gmail-s1">-rw-r--r-- 1 root root 5122378 Jul 11 18:22 libcrypto.a</span></p>
<p class="gmail-p1"><span class="gmail-s1">-rw-r--r-- 1 root root<span class="gmail-Apple-converted-space"> </span>776104 Jul 11 18:22 libssl.a</span></p>
<p class="gmail-p1"><span class="gmail-s1">drwxr-xr-x 2 root root<span class="gmail-Apple-converted-space"> </span>4096 Apr 24 21:35 </span><span class="gmail-s2">pkgconfig</span></p><p class="gmail-p1"><span class="gmail-s2"><br></span></p><p class="gmail-p1"><span class="gmail-s2"><br></span></p><p class="gmail-p1"><span class="gmail-s2">is there an extra module I need to enable when compiling openssl?</span></p><p class="gmail-p1"><span class="gmail-s2"><br></span></p><p class="gmail-p1"><span class="gmail-s2"><br></span></p><p class="gmail-p1"><span class="gmail-s2"><br></span></p></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 11, 2017 at 5:34 PM, Liviu Chircu <span dir="ltr"><<a href="mailto:liviu@opensips.org" target="_blank">liviu@opensips.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p><tt>That's a libcrypto symbol - make sure that one is also compiled
and installed under </tt><tt>/usr/local/ssl/lib<br>
</tt></p><span class="">
<pre class="m_-698660143783951108moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a class="m_-698660143783951108moz-txt-link-freetext" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.<wbr>com</a></pre>
</span><div><div class="h5"><div class="m_-698660143783951108moz-cite-prefix">On 11.07.2017 23:54, Tito Cumpen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I tried both suggestions. Finally I settled for
editing the make file. Now I am getting this error
<div><br>
</div>
<div><br>
</div>
<div>
<p class="m_-698660143783951108gmail-p1"><span class="m_-698660143783951108gmail-s1">Jul 11 20:50:59
cloud-server-06 opensips: DBG:core:load_module: loading
module /usr/lib64/opensips/modules/<wbr>tls_mgm.so</span></p>
<p class="m_-698660143783951108gmail-p1"><span class="m_-698660143783951108gmail-s1">Jul 11 20:50:59
cloud-server-06 opensips: ERROR:core:sr_load_module: could
not open module
</usr/lib64/opensips/modules/<wbr>tls_mgm.so>:
/usr/lib64/opensips/modules/<wbr>tls_mgm.so: undefined symbol:
GENERAL_NAME_free</span></p>
<p class="m_-698660143783951108gmail-p1"><span class="m_-698660143783951108gmail-s1">Jul 11 20:50:59
cloud-server-06 opensips: ERROR:core:load_module: failed
to load module</span></p>
<p class="m_-698660143783951108gmail-p1"><span class="m_-698660143783951108gmail-s1">Jul 11 20:50:59
cloud-server-06 opensips: CRITICAL:core:yyerror: parse
error in config file /etc/opensips/opensips.cfg, line 68,
column 13-14: failed to load module tls_mgm.so</span></p>
<p class="m_-698660143783951108gmail-p1"><span class="m_-698660143783951108gmail-s1"><br>
</span></p>
<p class="m_-698660143783951108gmail-p1"><span class="m_-698660143783951108gmail-s1"><br>
</span></p>
<p class="m_-698660143783951108gmail-p1"><span class="m_-698660143783951108gmail-s1">Here is the edited
make file</span></p>
<p class="m_-698660143783951108gmail-p1">#</p>
<p class="m_-698660143783951108gmail-p1"> 2 # WARNING: do not run this directly,
it should be run by the master Makefile</p>
<p class="m_-698660143783951108gmail-p1"> 3 </p>
<p class="m_-698660143783951108gmail-p1"> 4 include ../../Makefile.defs</p>
<p class="m_-698660143783951108gmail-p1"> 5 auto_gen=</p>
<p class="m_-698660143783951108gmail-p1"> 6 NAME=tls_mgm.so</p>
<p class="m_-698660143783951108gmail-p1"> 7 </p>
<p class="m_-698660143783951108gmail-p1"> 8 ETC_DIR?=../../etc/</p>
<p class="m_-698660143783951108gmail-p1"> 9 </p>
<p class="m_-698660143783951108gmail-p1"> 10 tls_configs=$(patsubst $(ETC_DIR)/%,
%, $(wildcard $(ETC_DIR)/tls/*) \</p>
<p class="m_-698660143783951108gmail-p1"> 11 $(wildcard
$(ETC_DIR)/tls/rootCA/*) $(wildcard
$(ETC_DIR)/tls/rootCA/certs/*) \</p>
<p class="m_-698660143783951108gmail-p1"> 12 $(wildcard
$(ETC_DIR)/tls/rootCA/private/<wbr>*) $(wildcard
$(ETC_DIR)/tls/user/*))</p>
<p class="m_-698660143783951108gmail-p1"> 13 </p>
<p class="m_-698660143783951108gmail-p1"> 14 </p>
<p class="m_-698660143783951108gmail-p1"> 15 ifeq ($(CROSS_COMPILE),)</p>
<p class="m_-698660143783951108gmail-p1"> 16 SSL_BUILDER=$(shell \</p>
<p class="m_-698660143783951108gmail-p1"> 17 if pkg-config --exists libssl;
then \</p>
<p class="m_-698660143783951108gmail-p1"> 18 echo 'pkg-config
libssl'; \</p>
<p class="m_-698660143783951108gmail-p1"> 19 fi)</p>
<p class="m_-698660143783951108gmail-p1"> 20 endif</p>
<p class="m_-698660143783951108gmail-p1"> 21 </p>
<p class="m_-698660143783951108gmail-p1"> 22 ifneq ($(SSL_BUILDER),)</p>
<p class="m_-698660143783951108gmail-p1"> 23 DEFS += $(shell $(SSL_BUILDER)
--cflags)</p>
<p class="m_-698660143783951108gmail-p1"> 24 LIBS += -Wl,-rpath
/usr/local/ssl/lib/ $(shell $(SSL_BUILDER) —libs)</p>
<p class="m_-698660143783951108gmail-p1"> 25 else</p>
<p class="m_-698660143783951108gmail-p1"> 26 DEFS +=
-I$(LOCALBASE)/ssl/include \</p>
<p class="m_-698660143783951108gmail-p1"> 27
-I$(LOCALBASE)/include</p>
<p class="m_-698660143783951108gmail-p1"> 28 LIBS += -Wl,-rpath
/usr/local/ssl/lib/ $(shell $(SSL_BUILDER) —libs)</p>
<p class="m_-698660143783951108gmail-p1"> 29 endif</p>
<p class="m_-698660143783951108gmail-p1"> 30 </p>
<p class="m_-698660143783951108gmail-p1"> 31 include ../../Makefile.modules</p>
<p class="m_-698660143783951108gmail-p1"> 32 </p>
<p class="m_-698660143783951108gmail-p1"> 33 install_module_custom: </p>
<p class="m_-698660143783951108gmail-p1"> 34 mkdir -p
$(cfg_prefix)/$(cfg_dir)/tls ; \</p>
<p class="m_-698660143783951108gmail-p1"> 35 mkdir -p
$(cfg_prefix)/$(cfg_dir)/tls/<wbr>rootCA ; \</p>
<p class="m_-698660143783951108gmail-p1"> 36 mkdir -p
$(cfg_prefix)/$(cfg_dir)/tls/<wbr>rootCA/certs ; \</p>
<p class="m_-698660143783951108gmail-p1"> 37 mkdir -p
$(cfg_prefix)/$(cfg_dir)/tls/<wbr>rootCA/private ; \</p>
<p class="m_-698660143783951108gmail-p1"> 38 mkdir -p
$(cfg_prefix)/$(cfg_dir)/tls/<wbr>user ; \</p>
<p class="m_-698660143783951108gmail-p1"> 39 for FILE in $(tls_configs) ;
do \</p>
<p class="m_-698660143783951108gmail-p1"> 40 if [ -f
$(ETC_DIR)/$$FILE ]; then \</p>
<p class="m_-698660143783951108gmail-p1"> 41 if [
"$(tls_overwrite_certs)" != "" -o \</p>
<p class="m_-698660143783951108gmail-p1"> 42
! -f $(cfg_prefix)/$(cfg_dir)/$$<wbr>FILE ] ; then \</p>
<p class="m_-698660143783951108gmail-p1"> 43
$(INSTALL_TOUCH) $(ETC_DIR)/$$FILE \</p>
<p class="m_-698660143783951108gmail-p1"> 44
$(cfg_prefix)/$(cfg_dir)/$$<wbr>FILE ; \</p>
<p class="m_-698660143783951108gmail-p1"> 45
$(INSTALL_CFG) $(ETC_DIR)/$$FILE \</p>
<p class="m_-698660143783951108gmail-p1"> 46
$(cfg_prefix)/$(cfg_dir)/$$<wbr>FILE ; \</p>
<p class="m_-698660143783951108gmail-p1"> 47 fi; \</p>
<p class="m_-698660143783951108gmail-p1"> 48 fi ;\</p>
<p class="m_-698660143783951108gmail-p1"> 49 done ; \</p>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Jul 11, 2017 at 3:51 PM,
Mundkowsky, Robert <span dir="ltr"><<a href="mailto:rmundkowsky@ets.org" target="_blank">rmundkowsky@ets.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" link="blue" vlink="purple" lang="EN-US">
<div class="m_-698660143783951108m_2888640068155393630WordSection1">
<pre><a name="m_-698660143783951108_m_2888640068155393630__MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Why hardcode it, just use </span></a><span style="color:windowtext">LD_LIBRARY_PATH</span></pre>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Robert
</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
Users [mailto:<a href="mailto:users-bounces@lists.opensips.org" target="_blank">users-bounces@lists.op<wbr>ensips.org</a>]
<b>On Behalf Of </b>Liviu Chircu<br>
<b>Sent:</b> Tuesday, July 11, 2017 3:46 PM<br>
<b>To:</b> <a href="mailto:users@lists.opensips.org" target="_blank">users@lists.opensips.org</a><br>
<b>Subject:</b> Re: [OpenSIPS-Users] compile
with openssl version</span></p>
</div>
</div>
<div>
<div class="m_-698660143783951108h5">
<p class="MsoNormal"> </p>
<p><tt><span style="font-size:10.0pt">It looks like
your distro's libssl still has priority over
the custom one. To avoid both uninstalling
libssl and forcing all apps to use the newest
library, I suggest you compile a hardcoded
search path into tls_mgm.so.</span></tt></p>
<p><tt><span style="font-size:10.0pt">Just make a
small modification in
modules/tls_mgm/Makefile, like in this
example:</span></tt></p>
<p><tt><span style="font-size:10.0pt">LIBS +=
-Wl,-rpath /home/liviu/lib $(shell
$(SSL_BUILDER) --libs)</span></tt></p>
<p><tt><span style="font-size:10.0pt">Compile the
tls_mgm, and if all goes well, the linker
should spot the custom libssl first:</span></tt></p>
<p><tt><span style="font-size:10.0pt">[liviu ◄ Y510P
opensips (master)]$ ldd
modules/tls_mgm/tls_mgm.so
</span></tt><span><br>
<tt> linux-vdso.so.1 =>
(0x00007ffff040d000)</tt><br>
<tt> libssl.so.1.0.0 =>
/home/liviu/lib/libssl.so.1.0.<wbr>0
(0x00007fd9cde0a000) <---- the forced
"runtime path" is working!</tt><br>
<tt> libc.so.6 =>
/lib/x86_64-linux-gnu/libc.so.<wbr>6
(0x00007fd9cda21000)</tt><br>
<tt> libcrypto.so.1.0.0 =>
/lib/x86_64-linux-gnu/libcrypt<wbr>o.so.1.0.0
(0x00007fd9cd5dc000)</tt><br>
<tt> /lib64/ld-linux-x86-64.so.2
(0x000055a69a1b7000)</tt><br>
<tt> libdl.so.2 =>
/lib/x86_64-linux-gnu/libdl.so<wbr>.2
(0x00007fd9cd3d8000)</tt></span></p>
<p><tt><span style="font-size:10.0pt">Another
solution could be:</span></tt></p>
<p><tt><span style="font-size:10.0pt">echo
"/usr/local/lib" >
/etc/ld.so.conf.d/libssl.conf; ldconfig</span></tt></p>
<p><tt><span style="font-size:10.0pt">But note that
this will "upgrade" the library for all apps
in your system that require it.</span></tt></p>
<pre>Liviu Chircu</pre>
<pre>OpenSIPS Developer</pre>
<pre><a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.opensips-solutions.com&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=N2zZ6Uva4dTQhOf3L3ib4EaoZE1Z2nA8CBMhvLzzrw4%3D&reserved=0" target="_blank">http://www.opensips-solutions.<wbr>com</a></pre>
<div>
<p class="MsoNormal">On 11.07.2017 21:58, Tito
Cumpen wrote:</p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Group, </p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">I've updated openssl in
order to use opensips 2.3 but I am having
issues after compiling and running </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal"> openssl version -a</p>
</div>
<div>
<p class="MsoNormal">OpenSSL 1.0.2k 26 Jan
2017</p>
</div>
<div>
<p class="MsoNormal">built on: reproducible
build, date unspecified</p>
</div>
<div>
<p class="MsoNormal">platform: linux-x86_64</p>
</div>
<div>
<p class="MsoNormal">options: bn(64,64)
rc4(8x,int) des(idx,cisc,16,int) idea(int)
blowfish(idx) </p>
</div>
<div>
<p class="MsoNormal">compiler: gcc -I. -I..
-I../include -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-Wa,--noexecstack -m64 -DL_ENDIAN -O3
-Wall -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DAES_ASM -DVPAES_ASM -DBSAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM</p>
</div>
<div>
<p class="MsoNormal">OPENSSLDIR:
"/usr/local/ssl"</p>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">but when I run opensips I
get </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal"> ERROR:tls_mgm:mod_init:
unable to set the memory allocation
functions</p>
</div>
<div>
<p class="MsoNormal">Jul 11 18:52:56
cloud-server-06 /sbin/opensips[32421]:
ERROR:tls_mgm:mod_init: NOTE: check if you
are using openssl 1.0.1e-fips, (or other
FIPS version of openssl, as this is known
to be broken; if so, you need to upgrade
or downgrade to a different openssl
version!</p>
</div>
<div>
<p class="MsoNormal">Jul 11 18:52:56
cloud-server-06 /sbin/opensips[32421]:
ERROR:tls_mgm:mod_init: current version:
OpenSSL 1.0.1e-fips 11 Feb 2013</p>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">How so I force opensips
to use the newer version??</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Thanks,</p>
</div>
<div>
<p class="MsoNormal">Tito</p>
</div>
</div>
<p class="MsoNormal"><br>
<br>
<br>
</p>
<pre>______________________________<wbr>_________________</pre>
<pre>Users mailing list</pre>
<pre><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a></pre>
<pre><a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.opensips.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fusers&data=02%7C01%7Crmundkowsky%40ets.org%7Ca212f66c4e1b478fa3f208d4c895a94d%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636353992509658350&sdata=roBC8y4Hz%2BDo0drmY09FiJ20K5cU4Dn4YJ4pJdgKy%2Fs%3D&reserved=0" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a></pre>
</blockquote>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
<br>
<hr>
<p>This e-mail and any files transmitted with it may
contain privileged or confidential information. It is
solely for use by the individual for whom it is
intended, even if addressed incorrectly. If you received
this e-mail in error, please notify the sender; do not
disclose, copy, distribute, or take any action in
reliance on the contents of this information; and delete
it from your system. Any other use of this e-mail is
prohibited.</p>
<br>
<p>Thank you for your compliance.</p>
<hr>
</div>
<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="m_-698660143783951108mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
Users mailing list
<a class="m_-698660143783951108moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a class="m_-698660143783951108moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>