[SR-Users] Specify alternative OpenSSL engine for Kamailio

Joel Serrano | VOZELIA joel at vozelia.com
Sat Jun 25 07:06:39 CEST 2016 

Hi Cibin, 

The way it works is using the current openssl installation. Basically what you do is compile an extra engine, this creates a libcavium.so, you copy this file to the openssl engines directory and that allows you to specify it.

For example, with the regular debian openssl installation, I can now do:

openssl rsa .... -engine cavium

And it will you the cavium engine instead of the default one.

On some softwares you have a parameter that lets you specify what openssl engine to use.

If kamailio has it, it would be a config parameter, if it doesn't have it, I'd like to know how to compile kamailio tls module and instructing it to user the "cavium" engine (even If I have to hardcode it in the makefile or something).

I'm a little lost to be honest...

Thanks, 
Joel.

----- Original Message -----
> From: "Cibin Paul" <paul_cibin at me.com>
> To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.sip-router.org>
> Sent: Friday, June 24, 2016 7:23:32 PM
> Subject: Re: [SR-Users] Specify alternative OpenSSL engine for Kamailio

> Hi,
> 
> Did you install openssl with shared libraries?
> 
> If you have pkg-config available, check the output of
> 
> pkg-config --libs openssl
> 
> pkg-config --libs libssl
> 
> Openssl.pc and libssl.pc should be pointed to your new openssl libraries. This
> is how it worked for me. No  changes required in kamailio.
> 
> Regards
> Cibin
> 
> 
> Regards
> Cibin
> 
>> On 24-Jun-2016, at 10:40 PM, Joel Serrano | VOZELIA <joel at vozelia.com> wrote:
>> 
>> Hi,
>> 
>> This is a similar question on a previous thread: "[SR-Users] Compiling kamailio
>> with custom openssl"
>> 
>> Is it possible to specify a different OpenSSL engine for kamailio to use?
>> 
>> For example:
>> 
>> On nginx you have the config param: ssl_engine <engine>
>> On apache you have the config param: SSLCryptoDevice <engine>
>> 
>> Is there anything similar on Kamailio?
>> 
>> We are using debian 8 with openssl-1.0.1t and these are the available engines:
>> 
>> root at debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines# ls -l
>> total 404
>> -rw-r--r-- 1 root root  19512 Jun 21 11:07 lib4758cca.so
>> -rw-r--r-- 1 root root  19784 Jun 21 11:07 libaep.so
>> -rw-r--r-- 1 root root  15576 Jun 21 11:07 libatalla.so
>> -rw-r--r-- 1 root root   6104 Jun 21 11:07 libcapi.so
>> -rw-r--r-- 1 root root  24232 Jun 21 11:07 libchil.so
>> -rw-r--r-- 1 root root  19864 Jun 21 11:07 libcswift.so
>> -rw-r--r-- 1 root root   6104 Jun 21 11:07 libgmp.so
>> -rw-r--r-- 1 root root  93304 Jun 21 11:07 libgost.so
>> -rw-r--r-- 1 root root  15432 Jun 21 11:07 libnuron.so
>> -rw-r--r-- 1 root root   6104 Jun 21 11:07 libpadlock.so
>> -rw-r--r-- 1 root root  24096 Jun 21 11:07 libsureware.so
>> -rw-r--r-- 1 root root  19784 Jun 21 11:07 libubsec.so
>> root at debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines#
>> 
>> 
>> The reason is we have another server with a Cavium SSL card, which provides a
>> dynamic engine:
>> 
>> -rw-r--r-- 1 root root 127968 Jun 23 15:18 libcavium.so
>> 
>> 
>> If it is not possible via config parameter, is there a way to specify the
>> openssl engine to use before compiling?
>> 
>> 
>> Thanks in advance.
>> 
>> Best regards,
>> Joel.
>> 
>> 
>> 
>> 
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

More information about the sr-users mailing list