Configure OpenSSL for Linux
When using any Speech SDK version before 1.9.0, OpenSSL is dynamically configured to the host-system version. In later versions of the Speech SDK, OpenSSL (version 1.1.1b) is statically linked to the core library of the Speech SDK.
To ensure connectivity, verify that OpenSSL certificates have been installed in your system. Run a command:
openssl version -d
The output on Ubuntu/Debian based systems should be:
Check whether there is
certs subdirectory under OPENSSLDIR. In the example above, it would be
If there is
/usr/lib/ssl/certsand it contains many individual certificate files (with
.pemextension), there is no need for further actions.
If OPENSSLDIR is something else than
/usr/lib/ssland/or there is a single certificate bundle file instead of multiple individual files, you need to set an appropriate SSL environment variable to indicate where the certificates can be found.
- OPENSSLDIR is
/opt/ssl. There is
certssubdirectory with many
.pemfiles. Set environment variable
SSL_CERT_DIRto point at
/opt/ssl/certsbefore running a program that uses the Speech SDK. For example:
- OPENSSLDIR is
/etc/pki/tls(like on RHEL/CentOS based systems). There is
certssubdirectory with a certificate bundle file, for example
ca-bundle.crt. Set environment variable
SSL_CERT_FILEto point at that file before running a program that uses the Speech SDK. For example:
It is also worth noting that some distributions of Linux do not have a TMP or TMPDIR environment variable defined. This will cause the Speech SDK to download the Certificate Revocation List (CRL) every time, rather than caching the CRL to disk for reuse until they expire. To improve initial connection performance you can create an environment variable named TMPDIR and set it to the path of your chosen temporary directory..