[SR-Users] Specify alternative OpenSSL engine for Kamailio
Joel Serrano | VOZELIA
joel at vozelia.com
Sat Jun 25 07:06:39 CEST 2016
Hi Cibin,
The way it works is using the current openssl installation. Basically what you do is compile an extra engine, this creates a libcavium.so, you copy this file to the openssl engines directory and that allows you to specify it.
For example, with the regular debian openssl installation, I can now do:
openssl rsa .... -engine cavium
And it will you the cavium engine instead of the default one.
On some softwares you have a parameter that lets you specify what openssl engine to use.
If kamailio has it, it would be a config parameter, if it doesn't have it, I'd like to know how to compile kamailio tls module and instructing it to user the "cavium" engine (even If I have to hardcode it in the makefile or something).
I'm a little lost to be honest...
Thanks,
Joel.
----- Original Message -----
> From: "Cibin Paul" <paul_cibin at me.com>
> To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.sip-router.org>
> Sent: Friday, June 24, 2016 7:23:32 PM
> Subject: Re: [SR-Users] Specify alternative OpenSSL engine for Kamailio
> Hi,
>
> Did you install openssl with shared libraries?
>
> If you have pkg-config available, check the output of
>
> pkg-config --libs openssl
>
> pkg-config --libs libssl
>
> Openssl.pc and libssl.pc should be pointed to your new openssl libraries. This
> is how it worked for me. No changes required in kamailio.
>
> Regards
> Cibin
>
>
> Regards
> Cibin
>
>> On 24-Jun-2016, at 10:40 PM, Joel Serrano | VOZELIA <joel at vozelia.com> wrote:
>>
>> Hi,
>>
>> This is a similar question on a previous thread: "[SR-Users] Compiling kamailio
>> with custom openssl"
>>
>> Is it possible to specify a different OpenSSL engine for kamailio to use?
>>
>> For example:
>>
>> On nginx you have the config param: ssl_engine <engine>
>> On apache you have the config param: SSLCryptoDevice <engine>
>>
>> Is there anything similar on Kamailio?
>>
>> We are using debian 8 with openssl-1.0.1t and these are the available engines:
>>
>> root at debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines# ls -l
>> total 404
>> -rw-r--r-- 1 root root 19512 Jun 21 11:07 lib4758cca.so
>> -rw-r--r-- 1 root root 19784 Jun 21 11:07 libaep.so
>> -rw-r--r-- 1 root root 15576 Jun 21 11:07 libatalla.so
>> -rw-r--r-- 1 root root 6104 Jun 21 11:07 libcapi.so
>> -rw-r--r-- 1 root root 24232 Jun 21 11:07 libchil.so
>> -rw-r--r-- 1 root root 19864 Jun 21 11:07 libcswift.so
>> -rw-r--r-- 1 root root 6104 Jun 21 11:07 libgmp.so
>> -rw-r--r-- 1 root root 93304 Jun 21 11:07 libgost.so
>> -rw-r--r-- 1 root root 15432 Jun 21 11:07 libnuron.so
>> -rw-r--r-- 1 root root 6104 Jun 21 11:07 libpadlock.so
>> -rw-r--r-- 1 root root 24096 Jun 21 11:07 libsureware.so
>> -rw-r--r-- 1 root root 19784 Jun 21 11:07 libubsec.so
>> root at debian:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines#
>>
>>
>> The reason is we have another server with a Cavium SSL card, which provides a
>> dynamic engine:
>>
>> -rw-r--r-- 1 root root 127968 Jun 23 15:18 libcavium.so
>>
>>
>> If it is not possible via config parameter, is there a way to specify the
>> openssl engine to use before compiling?
>>
>>
>> Thanks in advance.
>>
>> Best regards,
>> Joel.
>>
>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
More information about the sr-users
mailing list