[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: descriptor published, but router missing from consensus

To: tor-relays@xxxxxxxxxxxxxx
Subject: Re: descriptor published, but router missing from consensus
From: Dyno Tor <dynotor@xxxxxxxxx>
Date: Sat, 10 Apr 2010 07:07:17 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-relays-outgoing@xxxxxxxx
Delivered-to: tor-relays@xxxxxxxxxxxxxx
Delivery-date: Sat, 10 Apr 2010 10:07:31 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:content-type; bh=EdmUlw1ZC9VQ2PmiJtrGL1Jn2Xyx06SiXC3VuKh6AZ0=; b=bXUXmV54HqVQTfrzv8efj1spGprnHA7xjsCxybCTj3rWZpiYeYGPeanh2wg7IY2uh3 cAOFgdm1mlEkxNIeyBvj0SUwpKt02MPv4wdeAmtJ4/S2KUIlLSC0VSVH+0E9dNKq1wG2 Uo/RqIreizYMbLgUgtI9q+tfYEtII8K3qGRTU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=Tar7smGhaf2panRCJLVcKHgTWCIcO94E31+NzIa4k9qomf8hieUs9rrLp+t66E8gih AsXI/EbhSc4nkNt8Ofaq7MwiWpwETp1fvyXeVMoSA4zL8mJ5eQdvCDThGhA1fihKD4vN bL/2qvXU2jjwQclp11bonozF7UCb3T8vgxxLY=
In-reply-to: <20100410122535.GA56099@tabulara>
References: <201004092253.o39MrFYI028843@xxxxxxxxxxxxx> <20100410122535.GA56099@tabulara>
Reply-to: tor-relays@xxxxxxxxxxxxxx
Sender: owner-tor-relays@xxxxxxxxxxxxxx

FYI, I experienced the same problems, using tor-0.2.1.25-tor.0.rh5_4
and openssl-0.9.8e-12.el5_4.6.  These are the standard CentOS OpenSSL
and Tor repositiory for Centos 5.4.  As suggested I used "yum
downgrade openssl" and got openssl-0.9.8e-12.el5_4.1, which works
fine.  So it definitely has something to do with openssl, but isn't
just specific to 1.0.  It's something that got backported to RHEL's
maintained openssl, so it probably is some security fix that got
published as part of openssl 1.0, but backported to RHEL/CentOS.

On 4/10/10, Hans Schnehl <torvallenator@xxxxxxxxx> wrote:
> On Fri, Apr 09, 2010 at 05:53:15PM -0500, Scott Bennett wrote:
>>      On Sat, 10 Apr 2010 00:26:39 +0200 Sebastian Hahn
>> <mail@xxxxxxxxxxxxxxxxx>
>> wrote:
>> >On Apr 9, 2010, at 11:44 PM, Scott Bennett wrote:
>> >>     Do you know whether anyone else has tor working properly with
>> >> openssl 1.0.0 ?  I'm considering downgrading it back to 0.9.8n as a
>> >> test to begin eliminating different possible sources of trouble.
> [...]
>
> Tor 0.2.2.10-alpha (git-81b84c0b017267b4) on FreeBSD 8-Stable amd64
> runs a little bumpy (these are, of course, strictly scientific terms) with
> openssl 1.0.0.
>  Tor is statically compiled against the most  recent libevent (git)  and
> openssl-1.0.0.
> There's higher load to the cpu with less utilized bandwidt than with
> previous versions.
>
> Best performance was with Tor 0.2.2.10-alpha (git-81b84c0b017267b4)
> statically compiled against  libevent-1.4.13 (the one in the FreeBSD
> ports tree) and  openssl-1.0.0-beta5. Probably will build that again in
> order
> to regain performance.
> Some change in between O*ssl-1.0.0-beta5 and -stable might be the reason.
>  Don't know.
>
>> >> (That
>> >> is what was working before.)  However, it is a bit of a nuisance to do
>> >> that, so I'd rather not do it if it's clear that the openssl version
>> >> isn't the source of my troubles.
>> >
>> >openssl 1.0.0, but we did some testing with the beta versions before
>> >and it seemed to work; afaik. Getting your results with a downgraded
>>
> [...]
>>      I don't actually know how much work it is because I've never tried
>> it.  There is now a tool called "ports-mgmt/portdowngrade" in the ports
>> tree that I'll need to install first to do the job.  That *shouldn't* be
> [...]
>
> portdowngrade works fine, even if not at all new, by talking to cvs-servers.
> You might want to save time and nerves by statically compiling the
> tor-binary, though.
> There's a post in or-talk
> http://archives.seul.org/or/talk/Jan-2010/msg00011.html ( by grarpamp )
> about how to do that.
>
> Just run 'configure' and 'make', _avoid_ 'make install' and drop the
> resulting tor-binary from  /src/or/tor to your PATH. (Remove or hide the
> old one before, of course)
>
> I do not intend to start a bikeshed discussion about pro's and con's of
> statically compiled binaries, but this saves the nuisance and keeps
> the rest of your system away from  testing different library versions
> three times a day :)
>
> [...]
>
> HTH
>
> Hans
>
>
> P.S.: Blue !
>

Follow-Ups:
- Re: descriptor published, but router missing from consensus
  - From: DC
- Re: descriptor published, but router missing from consensus
  - From: Dyno Tor

References:
- Re: descriptor published, but router missing from consensus
  - From: Scott Bennett
- Re: descriptor published, but router missing from consensus
  - From: Hans Schnehl

Prev by Author: RE: Google cache blocking non-exit relays?
Next by Author: Re: descriptor published, but router missing from consensus
Previous by thread: Re: descriptor published, but router missing from consensus
Next by thread: Re: descriptor published, but router missing from consensus
Index(es):
- Author
- Thread