User Tools

Site Tools


tutorials:tls:howto-openssl-1-0

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

tutorials:tls:howto-openssl-1-0 [2019/05/13 11:17] (current)
shaunjstokes created
Line 1: Line 1:
 +====== Howto switch to OpenSSL 1.0 for TLS Connections ======
  
 +===== Debian and Ubuntu =====
 +
 +First of all you need to make and install OpenSSL 1.0.2r from source.
 +
 +<​code>​
 +sudo apt install build-essential checkinstall zlib1g-dev -y
 +
 +cd /usr/src
 +
 +wget https://​www.openssl.org/​source/​openssl-1.0.2r.tar.gz
 +
 +tar -xvzf openssl-1.0.2r.tar.gz
 +
 +cd openssl-1.0.2r
 +
 +./config -d --prefix=/​usr/​local/​ssl --openssldir=/​usr/​local/​ssl shared zlib
 +
 +make
 +make test
 +
 +make install
 +
 +nano /​etc/​ld.so.conf.d/​openssl-1.0.2r.conf
 +</​code>​
 +
 +Add this line and save:
 +<​code>​
 +/​usr/​local/​ssl/​lib
 +</​code>​
 +
 +<​code>​
 +sudo ldconfig -v
 +
 +mv /​usr/​bin/​c_rehash /​usr/​bin/​c_rehash.BEKUP
 +mv /​usr/​bin/​openssl /​usr/​bin/​openssl.BEKUP
 +
 +export PATH=$PATH:/​usr/​local/​ssl/​bin
 +</​code>​
 +
 +Link binaries to path:
 +<​code>​
 +sudo ln -s /​usr/​local/​ssl/​bin/​c_rehash /​usr/​bin/​c_rehash
 +sudo ln -s /​usr/​local/​ssl/​bin/​openssl /​usr/​bin/​openssl
 +</​code>​
 +
 +Restart.
 +<​code>​
 +sudo shutdown -r now
 +</​code>​
 +
 +Check OpenSSL path, should return '/​usr/​bin/​openssl'​.
 +<​code>​
 +which openssl
 +</​code>​
 +
 +Check OpenSSL version, should return '​OpenSSL 1.0.2r 26 Feb 2019'.
 +<​code>​
 +openssl version
 +</​code>​
 +
 +Modify '/​usr/​src/​kamailio/​src/​modules/​tls/​makefile'​.
 +
 +Change this:
 +<​code>​
 +ifneq ($(SSL_BUILDER),​)
 + DEFS += $(shell $(SSL_BUILDER) --cflags)
 + LIBS += $(shell $(SSL_BUILDER) --libs)
 +else
 + DEFS += -I$(LOCALBASE)/​ssl/​include
 + LIBS += -L$(LOCALBASE)/​lib -L$(LOCALBASE)/​ssl/​lib \
 + -L$(LOCALBASE)/​lib64 -L$(LOCALBASE)/​ssl/​lib64 \
 + -lssl -lcrypto
 + # NOTE: depending on the way in which libssl was compiled you might
 + #       have to add -lz -lkrb5 ​  (zlib and kerberos5).
 + #       E.g.: make TLS_HOOKS=1 TLS_EXTRA_LIBS="​-lz -lkrb5"​
 +endif
 +</​code>​
 +
 +To this:
 +<​code>​
 +DEFS+= -I/​usr/​local/​ssl/​include
 +LIBS+= -L/​usr/​local/​ssl/​lib \
 + -lssl -lcrypto
 +</​code>​
 +
 +Make clean, make and make install:
 +<​code>​
 +cd /​usr/​src/​kamailio/​src/​modules/​tls
 +make clean
 +make
 +make install
 +</​code>​
tutorials/tls/howto-openssl-1-0.txt ยท Last modified: 2019/05/13 11:17 by shaunjstokes