compile with openssl version

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

compile with openssl version

Tito Cumpen
Group,


I've updated openssl in order to use opensips 2.3 but I am having issues after compiling and running 


 openssl version -a
OpenSSL 1.0.2k  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/ssl"


but when I run opensips I get 

 ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or other FIPS version of openssl, as this is known to be broken; if so, you need to upgrade or downgrade to a different openssl version!
Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013


How so I force opensips to use the newer version??

Thanks,
Tito

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: compile with openssl version

Liviu Chircu

It looks like your distro's libssl still has priority over the custom one. To avoid both uninstalling libssl and forcing all apps to use the newest library, I suggest you compile a hardcoded search path into tls_mgm.so.

Just make a small modification in modules/tls_mgm/Makefile, like in this example:

LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)

Compile the tls_mgm, and if all goes well, the linker should spot the custom libssl first:

[liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
    linux-vdso.so.1 =>  (0x00007ffff040d000)
    libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0 (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd9cd5dc000)
    /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd9cd3d8000)

Another solution could be:

echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig

But note that this will "upgrade" the library for all apps in your system that require it.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 11.07.2017 21:58, Tito Cumpen wrote:
Group,


I've updated openssl in order to use opensips 2.3 but I am having issues after compiling and running 


 openssl version -a
OpenSSL 1.0.2k  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/ssl"


but when I run opensips I get 

 ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or other FIPS version of openssl, as this is known to be broken; if so, you need to upgrade or downgrade to a different openssl version!
Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013


How so I force opensips to use the newer version??

Thanks,
Tito


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: compile with openssl version

robert
Why hardcode it, just use LD_LIBRARY_PATH

 

 

Robert

 

From: Users [mailto:[hidden email]] On Behalf Of Liviu Chircu
Sent: Tuesday, July 11, 2017 3:46 PM
To: [hidden email]
Subject: Re: [OpenSIPS-Users] compile with openssl version

 

It looks like your distro's libssl still has priority over the custom one. To avoid both uninstalling libssl and forcing all apps to use the newest library, I suggest you compile a hardcoded search path into tls_mgm.so.

Just make a small modification in modules/tls_mgm/Makefile, like in this example:

LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)

Compile the tls_mgm, and if all goes well, the linker should spot the custom libssl first:

[liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
    linux-vdso.so.1 =>  (0x00007ffff040d000)
    libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0 (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd9cd5dc000)
    /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd9cd3d8000)

Another solution could be:

echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig

But note that this will "upgrade" the library for all apps in your system that require it.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 11.07.2017 21:58, Tito Cumpen wrote:

Group,

 

 

I've updated openssl in order to use opensips 2.3 but I am having issues after compiling and running 

 

 

 openssl version -a

OpenSSL 1.0.2k  26 Jan 2017

built on: reproducible build, date unspecified

platform: linux-x86_64

options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 

compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

OPENSSLDIR: "/usr/local/ssl"

 

 

but when I run opensips I get 

 

 ERROR:tls_mgm:mod_init: unable to set the memory allocation functions

Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or other FIPS version of openssl, as this is known to be broken; if so, you need to upgrade or downgrade to a different openssl version!

Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013

 

 

How so I force opensips to use the newer version??

 

Thanks,

Tito




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

 



This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: compile with openssl version

Tito Cumpen
I tried both suggestions. Finally I settled for editing the make file. Now I am getting this error


Jul 11 20:50:59 cloud-server-06 opensips: DBG:core:load_module: loading module /usr/lib64/opensips/modules/tls_mgm.so

Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:sr_load_module: could not open module </usr/lib64/opensips/modules/tls_mgm.so>: /usr/lib64/opensips/modules/tls_mgm.so: undefined symbol: GENERAL_NAME_free

Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:load_module: failed to load module

Jul 11 20:50:59 cloud-server-06 opensips: CRITICAL:core:yyerror: parse error in config file /etc/opensips/opensips.cfg, line 68, column 13-14: failed to load module tls_mgm.so



Here is the edited make file

#

  2 # WARNING: do not run this directly, it should be run by the master Makefile

  3 

  4 include ../../Makefile.defs

  5 auto_gen=

  6 NAME=tls_mgm.so

  7 

  8 ETC_DIR?=../../etc/

  9 

 10 tls_configs=$(patsubst $(ETC_DIR)/%, %, $(wildcard $(ETC_DIR)/tls/*) \

 11                 $(wildcard $(ETC_DIR)/tls/rootCA/*) $(wildcard $(ETC_DIR)/tls/rootCA/certs/*) \

 12                 $(wildcard $(ETC_DIR)/tls/rootCA/private/*) $(wildcard $(ETC_DIR)/tls/user/*))

 13 

 14 

 15 ifeq ($(CROSS_COMPILE),)

 16 SSL_BUILDER=$(shell \

 17         if pkg-config --exists libssl; then \

 18                 echo 'pkg-config libssl'; \

 19         fi)

 20 endif

 21 

 22 ifneq ($(SSL_BUILDER),)

 23         DEFS += $(shell $(SSL_BUILDER) --cflags)

 24           LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER) —libs)

 25 else

 26         DEFS += -I$(LOCALBASE)/ssl/include \

 27                         -I$(LOCALBASE)/include

 28         LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER) —libs)

 29 endif

 30 

 31 include ../../Makefile.modules

 32 

 33 install_module_custom: 

 34         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls ; \

 35         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA ; \

 36         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/certs ; \

 37         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/private ; \

 38         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/user ; \

 39         for FILE in $(tls_configs) ; do \

 40                 if [ -f $(ETC_DIR)/$$FILE ]; then \

 41                         if [ "$(tls_overwrite_certs)" != "" -o \

 42                                          ! -f $(cfg_prefix)/$(cfg_dir)/$$FILE ] ; then \

 43                                 $(INSTALL_TOUCH) $(ETC_DIR)/$$FILE \

 44                                         $(cfg_prefix)/$(cfg_dir)/$$FILE ; \

 45                                 $(INSTALL_CFG) $(ETC_DIR)/$$FILE \

 46                                         $(cfg_prefix)/$(cfg_dir)/$$FILE ; \

 47                         fi; \

 48                 fi ;\

 49         done ; \



On Tue, Jul 11, 2017 at 3:51 PM, Mundkowsky, Robert <[hidden email]> wrote:
Why hardcode it, just use LD_LIBRARY_PATH

 

 

Robert

 

From: Users [mailto:[hidden email]] On Behalf Of Liviu Chircu
Sent: Tuesday, July 11, 2017 3:46 PM
To: [hidden email]
Subject: Re: [OpenSIPS-Users] compile with openssl version

 

It looks like your distro's libssl still has priority over the custom one. To avoid both uninstalling libssl and forcing all apps to use the newest library, I suggest you compile a hardcoded search path into tls_mgm.so.

Just make a small modification in modules/tls_mgm/Makefile, like in this example:

LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)

Compile the tls_mgm, and if all goes well, the linker should spot the custom libssl first:

[liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
    linux-vdso.so.1 =>  (0x00007ffff040d000)
    libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0 (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd9cd5dc000)
    /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd9cd3d8000)

Another solution could be:

echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig

But note that this will "upgrade" the library for all apps in your system that require it.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 11.07.2017 21:58, Tito Cumpen wrote:

Group,

 

 

I've updated openssl in order to use opensips 2.3 but I am having issues after compiling and running 

 

 

 openssl version -a

OpenSSL 1.0.2k  26 Jan 2017

built on: reproducible build, date unspecified

platform: linux-x86_64

options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 

compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

OPENSSLDIR: "/usr/local/ssl"

 

 

but when I run opensips I get 

 

 ERROR:tls_mgm:mod_init: unable to set the memory allocation functions

Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or other FIPS version of openssl, as this is known to be broken; if so, you need to upgrade or downgrade to a different openssl version!

Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013

 

 

How so I force opensips to use the newer version??

 

Thanks,

Tito




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

 



This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: compile with openssl version

Liviu Chircu

That's a libcrypto symbol - make sure that one is also compiled and installed under /usr/local/ssl/lib

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 11.07.2017 23:54, Tito Cumpen wrote:
I tried both suggestions. Finally I settled for editing the make file. Now I am getting this error


Jul 11 20:50:59 cloud-server-06 opensips: DBG:core:load_module: loading module /usr/lib64/opensips/modules/tls_mgm.so

Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:sr_load_module: could not open module </usr/lib64/opensips/modules/tls_mgm.so>: /usr/lib64/opensips/modules/tls_mgm.so: undefined symbol: GENERAL_NAME_free

Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:load_module: failed to load module

Jul 11 20:50:59 cloud-server-06 opensips: CRITICAL:core:yyerror: parse error in config file /etc/opensips/opensips.cfg, line 68, column 13-14: failed to load module tls_mgm.so



Here is the edited make file

#

  2 # WARNING: do not run this directly, it should be run by the master Makefile

  3 

  4 include ../../Makefile.defs

  5 auto_gen=

  6 NAME=tls_mgm.so

  7 

  8 ETC_DIR?=../../etc/

  9 

 10 tls_configs=$(patsubst $(ETC_DIR)/%, %, $(wildcard $(ETC_DIR)/tls/*) \

 11                 $(wildcard $(ETC_DIR)/tls/rootCA/*) $(wildcard $(ETC_DIR)/tls/rootCA/certs/*) \

 12                 $(wildcard $(ETC_DIR)/tls/rootCA/private/*) $(wildcard $(ETC_DIR)/tls/user/*))

 13 

 14 

 15 ifeq ($(CROSS_COMPILE),)

 16 SSL_BUILDER=$(shell \

 17         if pkg-config --exists libssl; then \

 18                 echo 'pkg-config libssl'; \

 19         fi)

 20 endif

 21 

 22 ifneq ($(SSL_BUILDER),)

 23         DEFS += $(shell $(SSL_BUILDER) --cflags)

 24           LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER) —libs)

 25 else

 26         DEFS += -I$(LOCALBASE)/ssl/include \

 27                         -I$(LOCALBASE)/include

 28         LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER) —libs)

 29 endif

 30 

 31 include ../../Makefile.modules

 32 

 33 install_module_custom: 

 34         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls ; \

 35         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA ; \

 36         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/certs ; \

 37         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/private ; \

 38         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/user ; \

 39         for FILE in $(tls_configs) ; do \

 40                 if [ -f $(ETC_DIR)/$$FILE ]; then \

 41                         if [ "$(tls_overwrite_certs)" != "" -o \

 42                                          ! -f $(cfg_prefix)/$(cfg_dir)/$$FILE ] ; then \

 43                                 $(INSTALL_TOUCH) $(ETC_DIR)/$$FILE \

 44                                         $(cfg_prefix)/$(cfg_dir)/$$FILE ; \

 45                                 $(INSTALL_CFG) $(ETC_DIR)/$$FILE \

 46                                         $(cfg_prefix)/$(cfg_dir)/$$FILE ; \

 47                         fi; \

 48                 fi ;\

 49         done ; \



On Tue, Jul 11, 2017 at 3:51 PM, Mundkowsky, Robert <[hidden email]> wrote:
Why hardcode it, just use LD_LIBRARY_PATH

 

 

Robert

 

From: Users [mailto:[hidden email]] On Behalf Of Liviu Chircu
Sent: Tuesday, July 11, 2017 3:46 PM
To: [hidden email]
Subject: Re: [OpenSIPS-Users] compile with openssl version

 

It looks like your distro's libssl still has priority over the custom one. To avoid both uninstalling libssl and forcing all apps to use the newest library, I suggest you compile a hardcoded search path into tls_mgm.so.

Just make a small modification in modules/tls_mgm/Makefile, like in this example:

LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)

Compile the tls_mgm, and if all goes well, the linker should spot the custom libssl first:

[liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
    linux-vdso.so.1 =>  (0x00007ffff040d000)
    libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0 (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd9cd5dc000)
    /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd9cd3d8000)

Another solution could be:

echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig

But note that this will "upgrade" the library for all apps in your system that require it.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 11.07.2017 21:58, Tito Cumpen wrote:

Group,

 

 

I've updated openssl in order to use opensips 2.3 but I am having issues after compiling and running 

 

 

 openssl version -a

OpenSSL 1.0.2k  26 Jan 2017

built on: reproducible build, date unspecified

platform: linux-x86_64

options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 

compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

OPENSSLDIR: "/usr/local/ssl"

 

 

but when I run opensips I get 

 

 ERROR:tls_mgm:mod_init: unable to set the memory allocation functions

Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or other FIPS version of openssl, as this is known to be broken; if so, you need to upgrade or downgrade to a different openssl version!

Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013

 

 

How so I force opensips to use the newer version??

 

Thanks,

Tito




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

 



This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: compile with openssl version

Tito Cumpen
Liviu,


it is check out the following 

ls -al /usr/local/ssl/lib/

total 5780

drwxr-xr-x 4 root root    4096 Jul 11 18:22 .

drwxr-xr-x 9 root root    4096 Jul 11 18:22 ..

drwxr-xr-x 2 root root    4096 Apr 24 21:35 engines

-rw-r--r-- 1 root root 5122378 Jul 11 18:22 libcrypto.a

-rw-r--r-- 1 root root  776104 Jul 11 18:22 libssl.a

drwxr-xr-x 2 root root    4096 Apr 24 21:35 pkgconfig



is there an extra module I need to enable when compiling openssl?





On Tue, Jul 11, 2017 at 5:34 PM, Liviu Chircu <[hidden email]> wrote:

That's a libcrypto symbol - make sure that one is also compiled and installed under /usr/local/ssl/lib

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 11.07.2017 23:54, Tito Cumpen wrote:
I tried both suggestions. Finally I settled for editing the make file. Now I am getting this error


Jul 11 20:50:59 cloud-server-06 opensips: DBG:core:load_module: loading module /usr/lib64/opensips/modules/tls_mgm.so

Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:sr_load_module: could not open module </usr/lib64/opensips/modules/tls_mgm.so>: /usr/lib64/opensips/modules/tls_mgm.so: undefined symbol: GENERAL_NAME_free

Jul 11 20:50:59 cloud-server-06 opensips: ERROR:core:load_module: failed to load module

Jul 11 20:50:59 cloud-server-06 opensips: CRITICAL:core:yyerror: parse error in config file /etc/opensips/opensips.cfg, line 68, column 13-14: failed to load module tls_mgm.so



Here is the edited make file

#

  2 # WARNING: do not run this directly, it should be run by the master Makefile

  3 

  4 include ../../Makefile.defs

  5 auto_gen=

  6 NAME=tls_mgm.so

  7 

  8 ETC_DIR?=../../etc/

  9 

 10 tls_configs=$(patsubst $(ETC_DIR)/%, %, $(wildcard $(ETC_DIR)/tls/*) \

 11                 $(wildcard $(ETC_DIR)/tls/rootCA/*) $(wildcard $(ETC_DIR)/tls/rootCA/certs/*) \

 12                 $(wildcard $(ETC_DIR)/tls/rootCA/private/*) $(wildcard $(ETC_DIR)/tls/user/*))

 13 

 14 

 15 ifeq ($(CROSS_COMPILE),)

 16 SSL_BUILDER=$(shell \

 17         if pkg-config --exists libssl; then \

 18                 echo 'pkg-config libssl'; \

 19         fi)

 20 endif

 21 

 22 ifneq ($(SSL_BUILDER),)

 23         DEFS += $(shell $(SSL_BUILDER) --cflags)

 24           LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER) —libs)

 25 else

 26         DEFS += -I$(LOCALBASE)/ssl/include \

 27                         -I$(LOCALBASE)/include

 28         LIBS += -Wl,-rpath /usr/local/ssl/lib/ $(shell $(SSL_BUILDER) —libs)

 29 endif

 30 

 31 include ../../Makefile.modules

 32 

 33 install_module_custom: 

 34         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls ; \

 35         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA ; \

 36         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/certs ; \

 37         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/rootCA/private ; \

 38         mkdir -p $(cfg_prefix)/$(cfg_dir)/tls/user ; \

 39         for FILE in $(tls_configs) ; do \

 40                 if [ -f $(ETC_DIR)/$$FILE ]; then \

 41                         if [ "$(tls_overwrite_certs)" != "" -o \

 42                                          ! -f $(cfg_prefix)/$(cfg_dir)/$$FILE ] ; then \

 43                                 $(INSTALL_TOUCH) $(ETC_DIR)/$$FILE \

 44                                         $(cfg_prefix)/$(cfg_dir)/$$FILE ; \

 45                                 $(INSTALL_CFG) $(ETC_DIR)/$$FILE \

 46                                         $(cfg_prefix)/$(cfg_dir)/$$FILE ; \

 47                         fi; \

 48                 fi ;\

 49         done ; \



On Tue, Jul 11, 2017 at 3:51 PM, Mundkowsky, Robert <[hidden email]> wrote:
Why hardcode it, just use LD_LIBRARY_PATH

 

 

Robert

 

From: Users [mailto:[hidden email]] On Behalf Of Liviu Chircu
Sent: Tuesday, July 11, 2017 3:46 PM
To: [hidden email]
Subject: Re: [OpenSIPS-Users] compile with openssl version

 

It looks like your distro's libssl still has priority over the custom one. To avoid both uninstalling libssl and forcing all apps to use the newest library, I suggest you compile a hardcoded search path into tls_mgm.so.

Just make a small modification in modules/tls_mgm/Makefile, like in this example:

LIBS += -Wl,-rpath /home/liviu/lib $(shell $(SSL_BUILDER) --libs)

Compile the tls_mgm, and if all goes well, the linker should spot the custom libssl first:

[liviu ◄ Y510P opensips (master)]$ ldd modules/tls_mgm/tls_mgm.so
    linux-vdso.so.1 =>  (0x00007ffff040d000)
    libssl.so.1.0.0 => /home/liviu/lib/libssl.so.1.0.0 (0x00007fd9cde0a000) <---- the forced "runtime path" is working!
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd9cda21000)
    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd9cd5dc000)
    /lib64/ld-linux-x86-64.so.2 (0x000055a69a1b7000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd9cd3d8000)

Another solution could be:

echo "/usr/local/lib" > /etc/ld.so.conf.d/libssl.conf; ldconfig

But note that this will "upgrade" the library for all apps in your system that require it.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 11.07.2017 21:58, Tito Cumpen wrote:

Group,

 

 

I've updated openssl in order to use opensips 2.3 but I am having issues after compiling and running 

 

 

 openssl version -a

OpenSSL 1.0.2k  26 Jan 2017

built on: reproducible build, date unspecified

platform: linux-x86_64

options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 

compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

OPENSSLDIR: "/usr/local/ssl"

 

 

but when I run opensips I get 

 

 ERROR:tls_mgm:mod_init: unable to set the memory allocation functions

Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips, (or other FIPS version of openssl, as this is known to be broken; if so, you need to upgrade or downgrade to a different openssl version!

Jul 11 18:52:56 cloud-server-06 /sbin/opensips[32421]: ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11 Feb 2013

 

 

How so I force opensips to use the newer version??

 

Thanks,

Tito




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

 



This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: compile with openssl version

Liviu Chircu

Can you post the output of the following:

LD_LIBRARY_PATH=/usr/local/ssl/lib/ ldd modules/tls_mgm/tls_mgm.so

Remember, we want to get it to find the new shared libraries, not some statically compiled libraries (aka ".a" files).
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 12.07.2017 00:38, Tito Cumpen wrote:
Liviu,


it is check out the following 

ls -al /usr/local/ssl/lib/

total 5780

drwxr-xr-x 4 root root    4096 Jul 11 18:22 .

drwxr-xr-x 9 root root    4096 Jul 11 18:22 ..

drwxr-xr-x 2 root root    4096 Apr 24 21:35 engines

-rw-r--r-- 1 root root 5122378 Jul 11 18:22 libcrypto.a

-rw-r--r-- 1 root root  776104 Jul 11 18:22 libssl.a

drwxr-xr-x 2 root root    4096 Apr 24 21:35 pkgconfig



is there an extra module I need to enable when compiling openssl?





On Tue, Jul 11, 2017 at 5:34 PM, Liviu Chircu <[hidden email]> wrote:

That's a libcrypto symbol - make sure that one is also compiled and installed under /usr/local/ssl/lib

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: compile with openssl version

Tito Cumpen
Liviu,

Here is the output:

linux-vdso.so.1 =>  (0x00007ffee9d89000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007f096f341000)

libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f096f121000)

libc.so.6 => /lib64/libc.so.6 (0x00007f096ed59000)

/lib64/ld-linux-x86-64.so.2 (0x00007f096f791000)




On Wed, Jul 12, 2017 at 5:51 AM, Liviu Chircu <[hidden email]> wrote:

Can you post the output of the following:

LD_LIBRARY_PATH=/usr/local/ssl/lib/ ldd modules/tls_mgm/tls_mgm.so

Remember, we want to get it to find the new shared libraries, not some statically compiled libraries (aka ".a" files).
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 12.07.2017 00:38, Tito Cumpen wrote:
Liviu,


it is check out the following 

ls -al /usr/local/ssl/lib/

total 5780

drwxr-xr-x 4 root root    4096 Jul 11 18:22 .

drwxr-xr-x 9 root root    4096 Jul 11 18:22 ..

drwxr-xr-x 2 root root    4096 Apr 24 21:35 engines

-rw-r--r-- 1 root root 5122378 Jul 11 18:22 libcrypto.a

-rw-r--r-- 1 root root  776104 Jul 11 18:22 libssl.a

drwxr-xr-x 2 root root    4096 Apr 24 21:35 pkgconfig



is there an extra module I need to enable when compiling openssl?





On Tue, Jul 11, 2017 at 5:34 PM, Liviu Chircu <[hidden email]> wrote:

That's a libcrypto symbol - make sure that one is also compiled and installed under /usr/local/ssl/lib

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: compile with openssl version

Liviu Chircu

That's not good at all. Both libssl and libcrypto should be in there, this explains the startup errors - it's not linked against those libraries at all now! If you still want to proceed with the rpath solution, please compile tls_mgm like so: "NICER=0 make modules module=tls_mgm", and post the output, so we know how to fix the make environment.

OTOH, we can follow Robert's suggestion, revert all Makefile changes, recompile back to the default tls_mgm and just do:

export LD_LIBRARY_PATH=/usr/local/ssl/lib
ldd modules/tls_mgm/tls_mgm.so

If the above works, you can add a similar logic to your OpenSIPS startup script.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 13.07.2017 02:48, Tito Cumpen wrote:
Liviu,

Here is the output:

linux-vdso.so.1 =>  (0x00007ffee9d89000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007f096f341000)

libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f096f121000)

libc.so.6 => /lib64/libc.so.6 (0x00007f096ed59000)

/lib64/ld-linux-x86-64.so.2 (0x00007f096f791000)




On Wed, Jul 12, 2017 at 5:51 AM, Liviu Chircu <[hidden email]> wrote:

Can you post the output of the following:

LD_LIBRARY_PATH=/usr/local/ssl/lib/ ldd modules/tls_mgm/tls_mgm.so

Remember, we want to get it to find the new shared libraries, not some statically compiled libraries (aka ".a" files).
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 12.07.2017 00:38, Tito Cumpen wrote:
Liviu,


it is check out the following 

ls -al /usr/local/ssl/lib/

total 5780

drwxr-xr-x 4 root root    4096 Jul 11 18:22 .

drwxr-xr-x 9 root root    4096 Jul 11 18:22 ..

drwxr-xr-x 2 root root    4096 Apr 24 21:35 engines

-rw-r--r-- 1 root root 5122378 Jul 11 18:22 libcrypto.a

-rw-r--r-- 1 root root  776104 Jul 11 18:22 libssl.a

drwxr-xr-x 2 root root    4096 Apr 24 21:35 pkgconfig



is there an extra module I need to enable when compiling openssl?





On Tue, Jul 11, 2017 at 5:34 PM, Liviu Chircu <[hidden email]> wrote:

That's a libcrypto symbol - make sure that one is also compiled and installed under /usr/local/ssl/lib

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Loading...