[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: descriptor published, but router missing from consensus

To: tor-relays@xxxxxxxxxxxxxx
Subject: Re: descriptor published, but router missing from consensus
From: Dyno Tor <dynotor@xxxxxxxxx>
Date: Sat, 10 Apr 2010 07:12:24 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-relays-outgoing@xxxxxxxx
Delivered-to: tor-relays@xxxxxxxxxxxxxx
Delivery-date: Sat, 10 Apr 2010 10:12:36 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:content-type; bh=cw7J3iNC0MAVy03pvtddsEYt2wFEcplfSKNUaXBKDqA=; b=X83kp6efSghnBgWfy3rHcSOD8Z5yURzmJrKE1oo0UwxArznR3blmz4pN8YE4Puz/GG tr/ZMHa/2UjtVT4xc/p9YaEsEN27JBHebLukGmaIwwuSMgd5tZkBTDnqHvUss6dClRob Qx2gHZTScwlFjUwcN1XVv4BqSzV4ZE8lkkYew=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=MaultM/WoTyXsCX9MQhg3hiwWBOjQW4LRGFq2+adyScg/TY7qi+EHeNXjfAbXM9Cjo Cdp44EDD7WjsQT51sjmEo5v2iSY7j87vsBH57uoNEN23kOiEq4rQJG2ASxBaeTdsADVx /C9luDYZ4phDevvb8ZCc93NTXdNfGLZW8RSW0=
In-reply-to: <k2z1c3299321004100707h86e0e7bbyddbeb9895268d832@xxxxxxxxxxxxxx>
References: <201004092253.o39MrFYI028843@xxxxxxxxxxxxx> <20100410122535.GA56099@tabulara> <k2z1c3299321004100707h86e0e7bbyddbeb9895268d832@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxx
Sender: owner-tor-relays@xxxxxxxxxxxxxx

Given that this problem is specific to something between
openssl-0.9.8e-12.el5_4.1 and openssl-0.9.8e-12.el5_4.6, this document
may be useful, as it describes the differences between these versions:

http://rhn.redhat.com/errata/RHSA-2010-0162.html

On 4/10/10, Dyno Tor <dynotor@xxxxxxxxx> wrote:
> FYI, I experienced the same problems, using tor-0.2.1.25-tor.0.rh5_4
> and openssl-0.9.8e-12.el5_4.6.  These are the standard CentOS OpenSSL
> and Tor repositiory for Centos 5.4.  As suggested I used "yum
> downgrade openssl" and got openssl-0.9.8e-12.el5_4.1, which works
> fine.  So it definitely has something to do with openssl, but isn't
> just specific to 1.0.  It's something that got backported to RHEL's
> maintained openssl, so it probably is some security fix that got
> published as part of openssl 1.0, but backported to RHEL/CentOS.
>
> On 4/10/10, Hans Schnehl <torvallenator@xxxxxxxxx> wrote:
>> On Fri, Apr 09, 2010 at 05:53:15PM -0500, Scott Bennett wrote:
>>>      On Sat, 10 Apr 2010 00:26:39 +0200 Sebastian Hahn
>>> <mail@xxxxxxxxxxxxxxxxx>
>>> wrote:
>>> >On Apr 9, 2010, at 11:44 PM, Scott Bennett wrote:
>>> >>     Do you know whether anyone else has tor working properly with
>>> >> openssl 1.0.0 ?  I'm considering downgrading it back to 0.9.8n as a
>>> >> test to begin eliminating different possible sources of trouble.
>> [...]
>>
>> Tor 0.2.2.10-alpha (git-81b84c0b017267b4) on FreeBSD 8-Stable amd64
>> runs a little bumpy (these are, of course, strictly scientific terms)
>> with
>> openssl 1.0.0.
>>  Tor is statically compiled against the most  recent libevent (git)  and
>> openssl-1.0.0.
>> There's higher load to the cpu with less utilized bandwidt than with
>> previous versions.
>>
>> Best performance was with Tor 0.2.2.10-alpha (git-81b84c0b017267b4)
>> statically compiled against  libevent-1.4.13 (the one in the FreeBSD
>> ports tree) and  openssl-1.0.0-beta5. Probably will build that again in
>> order
>> to regain performance.
>> Some change in between O*ssl-1.0.0-beta5 and -stable might be the reason.
>>  Don't know.
>>
>>> >> (That
>>> >> is what was working before.)  However, it is a bit of a nuisance to
>>> >> do
>>> >> that, so I'd rather not do it if it's clear that the openssl version
>>> >> isn't the source of my troubles.
>>> >
>>> >openssl 1.0.0, but we did some testing with the beta versions before
>>> >and it seemed to work; afaik. Getting your results with a downgraded
>>>
>> [...]
>>>      I don't actually know how much work it is because I've never tried
>>> it.  There is now a tool called "ports-mgmt/portdowngrade" in the ports
>>> tree that I'll need to install first to do the job.  That *shouldn't* be
>> [...]
>>
>> portdowngrade works fine, even if not at all new, by talking to
>> cvs-servers.
>> You might want to save time and nerves by statically compiling the
>> tor-binary, though.
>> There's a post in or-talk
>> http://archives.seul.org/or/talk/Jan-2010/msg00011.html ( by grarpamp )
>> about how to do that.
>>
>> Just run 'configure' and 'make', _avoid_ 'make install' and drop the
>> resulting tor-binary from  /src/or/tor to your PATH. (Remove or hide the
>> old one before, of course)
>>
>> I do not intend to start a bikeshed discussion about pro's and con's of
>> statically compiled binaries, but this saves the nuisance and keeps
>> the rest of your system away from  testing different library versions
>> three times a day :)
>>
>> [...]
>>
>> HTH
>>
>> Hans
>>
>>
>> P.S.: Blue !
>>
>

References:
- Re: descriptor published, but router missing from consensus
  - From: Scott Bennett
- Re: descriptor published, but router missing from consensus
  - From: Hans Schnehl
- Re: descriptor published, but router missing from consensus
  - From: Dyno Tor

Prev by Author: Re: descriptor published, but router missing from consensus
Next by Author: Re: descriptor published, but router missing from consensus
Previous by thread: Re: descriptor published, but router missing from consensus
Next by thread: Re: descriptor published, but router missing from consensus
Index(es):
- Author
- Thread