Binary versions of sipd and sipua are distributed with compiled OpenSSL support. In order to use these binary releases, you need to have several support libraries. These libraries are installed automatically by the installer
In order to compile source distributions of sipd and sipua with OpenSSL, you need to install a compiled version of OpenSSL. You can download it from the support directory of the downloads page.
To compile on a Unix platform, you need to use the --with-tls Configure option. For example, if you have installed OpenSSL at /opt/openssl, then you should specify --with-tls=/opt/openssl. Windows source distributions will use TLS by default, hence you need to download the openssl_win32.zip file and install it in your root folder (e.g., C:\). If you do not want to compile with TLS support, you need to remove the USE_TLS macro from libcine, libsip, sipd, libsip_nosql, and sipua projects.
TLS support can be selectively enabled or disabled in sipd by setting the StartSSL config parameter. See sipd documentation for more.
rand.dat will contain random bytes used for seeding the cryptographic random number generator. To generate a rand file, using OpenSSL use,
openssl dgst * > rand.dat
(* tells openssl to take a digest on all the files in the current directory. To get good randomness, you should put some large binary files before running this command).
Server certificate/key pair or client certificate/key pair. Follow instructions contained in Generating certificates. While generating the certificate, you must give the Common name as the host name or domain name as outlined in the section Server authentication.
Currently the pass phrase "sipd" is hardcoded into sipua, and hence you need to use this pass phrase for the sipua certificate. However, for sipd certificates you can use your own pass phrase. This is configured into sipd through the CINEMA web interface.
A configuration file (openssl.cnf) contains several configuration parameters such as your name, organization etc that are placed in the certificate. A sample openssl.cnf file is included along with the distribution.
This is a file containing all certification authorities that you trust. Currently, this is not actually used by sipua or sipd, so you can just make a copy of the file cert.pem and rename it calist.pem
In order to generate shared session keys, OpenSSL needs some parameters to initialize the Diffie-Helman key generator. You can use OpenSSL to generate this, by running the command:
openssl gendh -rand rand.dat -out dh1024.pem