[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] TLS warning using static OpenSSL 1.0.1c

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] TLS warning using static OpenSSL 1.0.1c
From: Gino Badouri <g.badouri@xxxxxxxxx>
Date: Thu, 21 Jun 2012 23:05:26 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 21 Jun 2012 17:13:27 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=X3EJ2zAlrP6dOdSM2ubbzLYKCBnX56GQp4UJSpAei0w=; b=zleWQ3kPaCCn0H8C73wsCamFJbLWUnEgU1SpldHn4b4kl++2RxfQehr6POsQE0K5xf Uu3uG17nYBZkj805DT1O6Gizly43M3ah4vn/mbHNaRHYStqxmG9HcmVPH5r6tqh74xyz TSQl/7KtE6Qw6pYvD6Ms61anCUzG1envIUMp7kqy81hS2UIx0wCFkDHIDAZobYuETysT BETgYmcWtRsPO+O+cgEjEuaz7Uubhz8KQb6ABAI1HrQVmUb9uE0crQAaog3ZwytrfQ12 AhjUnzjyYk9fR002QquOvtRSR/+KRleqDNHdaWR2RJfiYHkOiAgx8xfyHerXqYEzRh4a wwPw==
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

Hi there,

My goal is to run Tor on small cluster of embedded mips devices.
Because the platform runs on an older version of OpenSSL and libevent I have chosen to statically link them with Tor.

So I went ahead to compile the components.
I'm aiming at the beta version: 0.2.3.17

OpenSSL 1.0.1c has been build with:
./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2

libevent-2.0.19-stable has been built with:
./configure --enable-openssl --disable-debug-mode --with-pic

And of course Tor:

./configure --prefix=/usr --libdir=/usr/lib --localstatedir=/var --sysconfdir=/etc \
--with-zlib-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \
--with-openssl-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \
--with-libevent-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \
--disable-asciidoc --enable-static-openssl --enable-static-libevent \
--host=mipsel-linux --with-libnatpmp-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \
--with-libminiupnpc-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \
--enable-upnp --enable-nat-pmp --enable-bufferevents \
CPPFLAGS="-I/home/mastag/openpli/build-dm800/tmp/staging/mipsel-linux/include"

This produces the src/or/Tor binary which runs great on the cluster.
Only it's giving me the following messages:

Jun 21 23:02:12.000 [notice] Tor 0.2.3.17-beta opening new log file.
Jun 21 23:02:12.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Jun 21 23:02:13.000 [notice] No AES engine found; using AES_* functions.
Jun 21 23:02:13.000 [notice] This OpenSSL has a good implementation of counter mode; using it.
Jun 21 23:02:15.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jun 21 23:02:37.000 [notice] Reloaded microdescriptor cache. Found 4807 descriptors.
Jun 21 23:02:42.000 [notice] We now have enough directory information to build circuits.
Jun 21 23:02:42.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Jun 21 23:02:43.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1 circuits open. I've sent 0 kB and received 0 kB.
Jun 21 23:02:43.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Jun 21 23:02:43.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)
Jun 21 23:02:43.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)
Jun 21 23:02:47.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jun 21 23:02:53.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jun 21 23:02:53.000 [notice] Bootstrapped 100%: Done.

The warning about the AES engine is probably because OpenSSL has no engine for mips.
However the following two lines bother me:

[warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)
[warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)

Any way to get rid of these?
I did compile OpenSSL with "enable-tlsext" so I don't understand why it warns me about it.

Thanks in advance!

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
  - From: Nick Mathewson

Prev by Author: [tor-dev] George's status report: June 2012
Next by Author: Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
Previous by thread: [tor-dev] [GSoC] Vidalia Status Report - Week 4
Next by thread: Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
Index(es):
- Author
- Thread