[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c



It works!
Thanks grarpamp!

Using zlib instead of zlib-dynamic fixed it like you said
I had to alter the Makefile and tell the linker where to find my mipsel libz.so and libz.a and zlib includes
Also libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib too.

I'm only encountering timeouts after the circuit has been established:
Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:53. Giving up. (waiting for circuit)

This is using Tor-2.3.17-beta using static OpenSSL 1.0.1c (no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2) and libevent-2.0.19-stable (bufferevents enabled)
Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support.

I think the Tor binary is too big 5.3MB which is due to libcrypto.a being 4.4MB (stripped).

Would you happen to know which ciphers I can drop from OpenSSL? (so I can shrink it a bit).


2012/6/25 grarpamp <grarpamp@xxxxxxxxx>
> OpenSSL 1.0.1c has been build with:
> ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2

I've never been able to compile openssl statically such that I could use
the resultant binary, dynlib and statlib it everywhere needed. Nor does
zlib play right in that. More on the ssl mail list.

> could not load the shared library (in DSO support routines

I remember something like that before. Redo your openssl without
'zlib-dynamic'. Redo libevent against that. Then do Tor as static.
I think that should make it go away.

Be sure libevent/tor ./configure's are pointed against ssl you compiled,
and not default system libs.

I also think 'enable-tlsext' is redundant in that ./config probably
includes it automatically now, as with no-ssl2. See: openssl ciphers -v.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev