[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
From: Gino Badouri <g.badouri@xxxxxxxxx>
Date: Tue, 26 Jun 2012 21:27:58 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 26 Jun 2012 15:28:13 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=0p0mNP5ZjwL8rdQO0fM4Sklr6pSVj1KqUTp7ktVLFQQ=; b=0v1NEoPvZpBVmQDF+VheHOEcQl73CAcZ5rNLhy5/06cGpT4qyiO5Y3EBdpck7XyfyN wSBWCsP4qkUh2GkwlKFrsoDNfSlZ6hT/pc6g6YrPkAlGRO5mkyVpRt3nacO8CMSA4iiP DDgFF8XlGFJVjybMa8GREM2C+YOwVpSQfHaalaPtdl5igj/zVHUsmgbEr+lGPqiTkpbz kXb/BchRcRKPEQstvEehfyk6/xfDXlpuphEaSq7JXxb+mQ1b9qQfVOcShm0zgTLjGAOC /xxxw084HDVPWea44eZEmNClu5pBIjxOYYi72qXtv4FnXPhj+A/TCAa7UopRIVuJgRQ0 OwxQ==
In-reply-to: <CAD2Ti29QEn_wO01MYEviWASr-MArEkJN4bvcGjacf+bR2FjZBQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CABgZ87ab-HskJy_+C7nHGTe86rR7c01gbxnBQSGXnhypNA1WPg@xxxxxxxxxxxxxx> <CAKDKvuwrcWC3dS=KtJ+dNZvn3TADqL4r7OzXAz4XuXd5_n_+zA@xxxxxxxxxxxxxx> <CABgZ87YPcODp0B1EgPuCC=0LSQZ+QK7r2YwHRQRgZzFFBKoUbQ@xxxxxxxxxxxxxx> <CABgZ87YbNzK3teLDXx1PanaizBTKgq5b2MtxzZxz_vGoy+MJSw@xxxxxxxxxxxxxx> <CAD2Ti29QEn_wO01MYEviWASr-MArEkJN4bvcGjacf+bR2FjZBQ@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

It works!
Thanks grarpamp!

Using zlib instead of zlib-dynamic fixed it like you said
I had to alter the Makefile and tell the linker where to find my mipsel libz.so and libz.a and zlib includes
Also libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib too.

I'm only encountering timeouts after the circuit has been established:
Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:53. Giving up. (waiting for circuit)

This is using Tor-2.3.17-beta using static OpenSSL 1.0.1c (no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2) and libevent-2.0.19-stable (bufferevents enabled)
Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support.

I think the Tor binary is too big 5.3MB which is due to libcrypto.a being 4.4MB (stripped).

Would you happen to know which ciphers I can drop from OpenSSL? (so I can shrink it a bit).

2012/6/25 grarpamp <grarpamp@xxxxxxxxx>

> OpenSSL 1.0.1c has been build with:
> ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2

I've never been able to compile openssl statically such that I could use
the resultant binary, dynlib and statlib it everywhere needed. Nor does
zlib play right in that. More on the ssl mail list.

> could not load the shared library (in DSO support routines

I remember something like that before. Redo your openssl without
'zlib-dynamic'. Redo libevent against that. Then do Tor as static.
I think that should make it go away.

Be sure libevent/tor ./configure's are pointed against ssl you compiled,
and not default system libs.

I also think 'enable-tlsext' is redundant in that ./config probably
includes it automatically now, as with no-ssl2. See: openssl ciphers -v.

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
  - From: grarpamp

References:
- [tor-dev] TLS warning using static OpenSSL 1.0.1c
  - From: Gino Badouri
- Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
  - From: Nick Mathewson
- Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
  - From: Gino Badouri
- Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
  - From: Gino Badouri
- Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
  - From: grarpamp

Prev by Author: Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
Next by Author: Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
Previous by thread: Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
Next by thread: Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c
Index(es):
- Author
- Thread