Hi,
This is a similar question on a previous thread: "[SR-Users] Compiling kamailio with custom openssl"
Is it possible to specify a different OpenSSL engine for kamailio to use?
For example:
On nginx you have the config param: ssl_engine <engine> On apache you have the config param: SSLCryptoDevice <engine>
Is there anything similar on Kamailio?
We are using debian 8 with openssl-1.0.1t and these are the available engines:
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines# ls -l total 404 -rw-r--r-- 1 root root 19512 Jun 21 11:07 lib4758cca.so -rw-r--r-- 1 root root 19784 Jun 21 11:07 libaep.so -rw-r--r-- 1 root root 15576 Jun 21 11:07 libatalla.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libcapi.so -rw-r--r-- 1 root root 24232 Jun 21 11:07 libchil.so -rw-r--r-- 1 root root 19864 Jun 21 11:07 libcswift.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libgmp.so -rw-r--r-- 1 root root 93304 Jun 21 11:07 libgost.so -rw-r--r-- 1 root root 15432 Jun 21 11:07 libnuron.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libpadlock.so -rw-r--r-- 1 root root 24096 Jun 21 11:07 libsureware.so -rw-r--r-- 1 root root 19784 Jun 21 11:07 libubsec.so root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines#
The reason is we have another server with a Cavium SSL card, which provides a dynamic engine:
-rw-r--r-- 1 root root 127968 Jun 23 15:18 libcavium.so
If it is not possible via config parameter, is there a way to specify the openssl engine to use before compiling?
Thanks in advance.
Best regards, Joel.
Hi,
Did you install openssl with shared libraries?
If you have pkg-config available, check the output of
pkg-config --libs openssl
pkg-config --libs libssl
Openssl.pc and libssl.pc should be pointed to your new openssl libraries. This is how it worked for me. No changes required in kamailio.
Regards Cibin
Regards Cibin
On 24-Jun-2016, at 10:40 PM, Joel Serrano | VOZELIA joel@vozelia.com wrote:
Hi,
This is a similar question on a previous thread: "[SR-Users] Compiling kamailio with custom openssl"
Is it possible to specify a different OpenSSL engine for kamailio to use?
For example:
On nginx you have the config param: ssl_engine <engine> On apache you have the config param: SSLCryptoDevice <engine>
Is there anything similar on Kamailio?
We are using debian 8 with openssl-1.0.1t and these are the available engines:
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines# ls -l total 404 -rw-r--r-- 1 root root 19512 Jun 21 11:07 lib4758cca.so -rw-r--r-- 1 root root 19784 Jun 21 11:07 libaep.so -rw-r--r-- 1 root root 15576 Jun 21 11:07 libatalla.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libcapi.so -rw-r--r-- 1 root root 24232 Jun 21 11:07 libchil.so -rw-r--r-- 1 root root 19864 Jun 21 11:07 libcswift.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libgmp.so -rw-r--r-- 1 root root 93304 Jun 21 11:07 libgost.so -rw-r--r-- 1 root root 15432 Jun 21 11:07 libnuron.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libpadlock.so -rw-r--r-- 1 root root 24096 Jun 21 11:07 libsureware.so -rw-r--r-- 1 root root 19784 Jun 21 11:07 libubsec.so root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines#
The reason is we have another server with a Cavium SSL card, which provides a dynamic engine:
-rw-r--r-- 1 root root 127968 Jun 23 15:18 libcavium.so
If it is not possible via config parameter, is there a way to specify the openssl engine to use before compiling?
Thanks in advance.
Best regards, Joel.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi Cibin,
The way it works is using the current openssl installation. Basically what you do is compile an extra engine, this creates a libcavium.so, you copy this file to the openssl engines directory and that allows you to specify it.
For example, with the regular debian openssl installation, I can now do:
openssl rsa .... -engine cavium
And it will you the cavium engine instead of the default one.
On some softwares you have a parameter that lets you specify what openssl engine to use.
If kamailio has it, it would be a config parameter, if it doesn't have it, I'd like to know how to compile kamailio tls module and instructing it to user the "cavium" engine (even If I have to hardcode it in the makefile or something).
I'm a little lost to be honest...
Thanks, Joel.
----- Original Message -----
From: "Cibin Paul" paul_cibin@me.com To: "Kamailio (SER) - Users Mailing List" sr-users@lists.sip-router.org Sent: Friday, June 24, 2016 7:23:32 PM Subject: Re: [SR-Users] Specify alternative OpenSSL engine for Kamailio
Hi,
Did you install openssl with shared libraries?
If you have pkg-config available, check the output of
pkg-config --libs openssl
pkg-config --libs libssl
Openssl.pc and libssl.pc should be pointed to your new openssl libraries. This is how it worked for me. No changes required in kamailio.
Regards Cibin
Regards Cibin
On 24-Jun-2016, at 10:40 PM, Joel Serrano | VOZELIA joel@vozelia.com wrote:
Hi,
This is a similar question on a previous thread: "[SR-Users] Compiling kamailio with custom openssl"
Is it possible to specify a different OpenSSL engine for kamailio to use?
For example:
On nginx you have the config param: ssl_engine <engine> On apache you have the config param: SSLCryptoDevice <engine>
Is there anything similar on Kamailio?
We are using debian 8 with openssl-1.0.1t and these are the available engines:
root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines# ls -l total 404 -rw-r--r-- 1 root root 19512 Jun 21 11:07 lib4758cca.so -rw-r--r-- 1 root root 19784 Jun 21 11:07 libaep.so -rw-r--r-- 1 root root 15576 Jun 21 11:07 libatalla.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libcapi.so -rw-r--r-- 1 root root 24232 Jun 21 11:07 libchil.so -rw-r--r-- 1 root root 19864 Jun 21 11:07 libcswift.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libgmp.so -rw-r--r-- 1 root root 93304 Jun 21 11:07 libgost.so -rw-r--r-- 1 root root 15432 Jun 21 11:07 libnuron.so -rw-r--r-- 1 root root 6104 Jun 21 11:07 libpadlock.so -rw-r--r-- 1 root root 24096 Jun 21 11:07 libsureware.so -rw-r--r-- 1 root root 19784 Jun 21 11:07 libubsec.so root@debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines#
The reason is we have another server with a Cavium SSL card, which provides a dynamic engine:
-rw-r--r-- 1 root root 127968 Jun 23 15:18 libcavium.so
If it is not possible via config parameter, is there a way to specify the openssl engine to use before compiling?
Thanks in advance.
Best regards, Joel.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Cibin Paul -
Joel Serrano | VOZELIA