
Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c



Thanks for the heads up.
I got it working on my mipsel box.

First of all I switched to 2.3.18-rc git.

I built the latest zlib 1.2.7 with -fPIC and -DPIC (seems to be required for mipsel).

I recompiled and reinstalled OpenSSL 1.0.1 with "shared no-ssl2 enable-tlsext".
"shared" also seems to build the static libraries as well.

Then I recompiled libevent 2.0.19-stable.
For libevent I also used --with-pic and pointed ./configure to my compiled zlib 1.2.7.
Also I left out the "--disable-debug-option" this time.

Now for Tor, it seems that this "bufferevents" option causes problems.
I threw away the log but it makes setting up the circuit very slow and after a while I'm getting timeouts and errors about "connections marked for closing?"
If you want I can rebuild it with bufferevents and send you a detailed log about it.

Anyways I built it using these options:

./configure --host=mipsel-oe-linux --prefix=/usr --localstatedir=/var --sysconfdir=/etc \
--with-openssl-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib \
--with-zlib-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib \
--with-libevent-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib \
--enable-static-libevent --disable-asciidoc --enable-static-zlib --enable-static-openssl \
CPPFLAGS="-I/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/include" \
LDFLAGS="-L/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib" LIBS="-lz"

The resulting binary is still 5Megs after I manually stripped it, but it seems to work :)

I still can't configure with --enable-static-tor though.
The OpenSSL test will fail with:

configure:6940: mipsel-oe-linux-gcc -o conftest  -static -I/usr/local/include -I/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/include -I${top_srcdir}/src/common -L/usr/local/lib -L/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib conftest.c -lpthread -lrt -ldl -lz -lssl -lcrypto  >&5
conftest.c: In function 'main':
conftest.c:61: warning: incompatible implicit declaration of built-in function 'exit'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
dso_dlfcn.c:(.text+0x110): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x178): undefined reference to `dlerror'
dso_dlfcn.c:(.text+0x2a8): undefined reference to `dlclose'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload':
dso_dlfcn.c:(.text+0x44c): undefined reference to `dlclose'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var':
dso_dlfcn.c:(.text+0x64c): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x6b4): undefined reference to `dlerror'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func':
dso_dlfcn.c:(.text+0x900): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x968): undefined reference to `dlerror'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_pathbyaddr':
dso_dlfcn.c:(.text+0x10dc): undefined reference to `dladdr'
dso_dlfcn.c:(.text+0x11cc): undefined reference to `dlerror'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
dso_dlfcn.c:(.text+0x125c): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x1290): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x12b0): undefined reference to `dlclose'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_init':
c_zlib.c:(.text+0x214): undefined reference to `inflateInit_'
c_zlib.c:(.text+0x2c8): undefined reference to `deflateInit_'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_finish':
c_zlib.c:(.text+0x43c): undefined reference to `inflateEnd'
c_zlib.c:(.text+0x464): undefined reference to `deflateEnd'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_compress_block':
c_zlib.c:(.text+0x5d0): undefined reference to `deflate'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_expand_block':
c_zlib.c:(.text+0x724): undefined reference to `inflate'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_free':
c_zlib.c:(.text+0xb7c): undefined reference to `inflateEnd'
c_zlib.c:(.text+0xbe8): undefined reference to `deflateEnd'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_read':
c_zlib.c:(.text+0xdf8): undefined reference to `inflateInit_'
c_zlib.c:(.text+0xe64): undefined reference to `inflate'
c_zlib.c:(.text+0xedc): undefined reference to `zError'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_write':
c_zlib.c:(.text+0x1274): undefined reference to `deflateInit_'
c_zlib.c:(.text+0x149c): undefined reference to `deflate'
c_zlib.c:(.text+0x1504): undefined reference to `zError'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_flush':
c_zlib.c:(.text+0x17e8): undefined reference to `deflate'
c_zlib.c:(.text+0x1874): undefined reference to `zError'
collect2: ld returned 1 exit status

The dso_dlfcn.c errors can be solved by compiling OpenSSL with "no-dso".
However I can't figure out why the static OpenSSL has trouble finding zlib?
I don't think it's a problem because my semi-static binary works well enough now :)



2012/6/27 grarpamp <grarpamp@xxxxxxxxx>
> I had to alter the Makefile
> and tell the linker where to find ... libz.so and libz.a and zlib includes

If you got a static 'openssl' binary with zlib in it, and both
.a and .so's for the openssl libs, and libevent and tor compiled
against that, I'd like to see the openssl diff. I gave up early.

> Also libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib

Yeah, and for against openssl and libevent too. I left that out.

> I'm only encountering timeouts after the circuit has been established:
> Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to
> [scrubbed]:53. Giving up. (waiting for circuit)

Don't know, sounds normal, send a signal newnym.

> static OpenSSL 1.0.1c (... zlib ...)

I think 'zlib' works the same as not specifying any zlib* phrase.
And that not specifying 'shared' gets you only static libs and
a dynamic bin, 'shared' adds dyn libs.

> libevent-2.0.19-stable (bufferevents enabled)
> Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support.
> I think the Tor binary is too big 5.3MB which is due to libcrypto.a being
> 4.4MB (stripped).

Tor here is 3487400 bytes, stripped.

> Would you happen to know which ciphers I can drop from OpenSSL? (so I can
> shrink it a bit).

It's in the torspec docs somewhere. Probably just rsa, dh, aes and x509, basics.
Or try debug in openssl.conf.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
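
Added example, not part of the original message or of Tor's build system: GNU ld scans static archives left to right, and the failing conftest command above lists -ldl -lz before -lssl -lcrypto, which is consistent with libcrypto.a's zlib and dl references going unresolved. The sketch below reads such a log and flags that ordering; the sample text is constructed (shortened from the log above, with a placeholder /sysroot path) and the PROVIDERS symbol map is an assumption covering only the symbols seen there.

```python
import re

# Constructed sample: link command and a few error lines shortened from the log above.
LINK_CMD = ("mipsel-oe-linux-gcc -o conftest -static conftest.c "
            "-lpthread -lrt -ldl -lz -lssl -lcrypto")
LD_LOG = """\
/sysroot/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
dso_dlfcn.c:(.text+0x110): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x2a8): undefined reference to `dlclose'
/sysroot/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_init':
c_zlib.c:(.text+0x214): undefined reference to `inflateInit_'
c_zlib.c:(.text+0xedc): undefined reference to `zError'
"""

# Assumption: symbol pattern -> library that provides it (only symbols from this log).
PROVIDERS = [(re.compile(r"^dl(open|close|sym|error|addr)$"), "dl"),
             (re.compile(r"^(inflate|deflate|zError)"), "z")]

def missing_by_archive(log):
    """Map each static archive in the log to the libraries its undefined symbols live in."""
    needs, archive = {}, None
    for line in log.splitlines():
        m = re.match(r".*/lib(\w+)\.a\(", line)
        if m:                      # header line naming the archive member
            archive = m.group(1)
            continue
        m = re.search(r"undefined reference to `([^']+)'", line)
        if m and archive:
            for pat, lib in PROVIDERS:
                if pat.match(m.group(1)):
                    needs.setdefault(archive, set()).add(lib)
    return needs

def misordered(cmd, needs):
    """Return (consumer, provider) pairs where the provider precedes the consumer."""
    order = re.findall(r"(?<!\S)-l(\S+)", cmd)
    pos = {lib: i for i, lib in enumerate(order)}
    return sorted((c, p) for c, ps in needs.items() for p in ps
                  if c in pos and p in pos and pos[p] < pos[c])

def reordered(cmd, needs):
    """Move each misplaced provider library to the end of the command line."""
    late = {p for _, p in misordered(cmd, needs)}
    tokens = cmd.split()
    is_late = lambda t: t.startswith("-l") and t[2:] in late
    return " ".join([t for t in tokens if not is_late(t)] +
                    [t for t in tokens if is_late(t)])

if __name__ == "__main__":
    needs = missing_by_archive(LD_LOG)
    print(misordered(LINK_CMD, needs))
    print(reordered(LINK_CMD, needs))
```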
