
Re: [tor-dev] TLS warning using static OpenSSL 1.0.1c



Strange it happens all the time with OpenSSL 1.0.1c
Even with the non-debian version.
I tried the vanilla OpenSSL with only the patch for "linux-mipsel" in Configure.

When it performs its handshake it will still spawn the message:
Jun 25 20:57:31.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)
Jun 25 20:57:31.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)

However Tor continues to work fine.
I think the warning can be ignored because Tor has been compiled with "--enable-static-openssl"
Also OpenSSL has been compiled with "enable-tlsext" and I've checked my static libssl.a with mipsel-linux-objdump and the tls symbols are there.

So I guess Tor looks for the shared tls extension first (which doesn't exist) and then continues with its statically linked tls-enabled-openssl instead.

Would Tor fail to connect without tls?


2012/6/22 Gino Badouri <g.badouri@xxxxxxxxx>
Hi Nick,

Thanks for your response.
I've recompiled Tor with --disable-linker-hardening and --disable-gcc-hardening but I still get the warning regarding tls support.

Jun 22 18:00:04.000 [notice] Tor 0.2.3.17-beta opening new log file.
Jun 22 18:00:04.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Jun 22 18:00:05.000 [notice] No AES engine found; using AES_* functions.
Jun 22 18:00:05.000 [notice] This OpenSSL has a good implementation of counter mode; using it.
Jun 22 18:00:06.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jun 22 18:00:12.000 [notice] Reloaded microdescriptor cache.  Found 0 descriptors.
Jun 22 18:00:12.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Jun 22 18:00:13.000 [notice] Bootstrapped 5%: Connecting to directory server.
Jun 22 18:00:13.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1 circuits open. I've sent 0 kB and received 0 kB.
Jun 22 18:00:13.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.
Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)
Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)
Jun 22 18:00:14.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection.
Jun 22 18:00:14.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus.
Jun 22 18:00:14.000 [notice] Bootstrapped 25%: Loading networkstatus consensus.
Jun 22 18:00:17.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Jun 22 18:00:18.000 [notice] Bootstrapped 40%: Loading authority key certs.
Jun 22 18:00:21.000 [notice] Bootstrapped 45%: Asking for relay descriptors.
Jun 22 18:00:21.000 [notice] I learned some more directory information, but not enough to build a circuit: We have only 0/2920 usable microdescriptors.
Jun 22 18:00:42.000 [notice] We now have enough directory information to build circuits.
Jun 22 18:00:42.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Jun 22 18:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jun 22 18:00:47.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jun 22 18:00:47.000 [notice] Bootstrapped 100%: Done.

It could be that Debian FIPS' version of OpenSSL 1.0.1c is causing this problem.
But it was only "mipsel" patch for OpenSSL 1.0.1c I could find.

I'll try the stable build of Tor and report back.


2012/6/21 Nick Mathewson <nickm@xxxxxxxxxxxx>
On Thu, Jun 21, 2012 at 5:05 PM, Gino Badouri <g.badouri@xxxxxxxxx> wrote:
> Hi there,
>
> My goal is to run Tor on small cluster of embedded mips devices.
> Because the platform runs on an older version of OpenSSL and libevent I have
> chosen to statically link them with Tor.
>
> So I went ahead to compile the components.
> I'm aiming at the beta version: 0.2.3.17
>
> OpenSSL 1.0.1c has been built with:
> ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
>
>
> libevent-2.0.19-stable has been built with:
> ./configure --enable-openssl --disable-debug-mode --with-pic

Hm.  Just to rule something out that got added in 0.2.3.17-beta: could
you try configuring Tor with --disable-compiler-hardening and
--disable-linker-hardening, and see if that makes a difference?
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
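
A log-triage sketch for the situation discussed in this thread, added here as an example and not code from Tor or from the posters: it records the bootstrap percentage at which each `tor_tls_t` warning was logged and checks whether bootstrap advanced afterwards. The function name `triage` and the "blocking" heuristic are assumptions; the sample lines are a subset of the Jun 22 log quoted above.

```python
import re

# Subset of the Jun 22 log lines quoted in the thread.
SAMPLE_LOG = """\
Jun 22 18:00:13.000 [notice] Bootstrapped 5%: Connecting to directory server.
Jun 22 18:00:13.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.
Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)
Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)
Jun 22 18:00:14.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection.
Jun 22 18:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jun 22 18:00:47.000 [notice] Bootstrapped 100%: Done.
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:.]+) \[(\w+)\] (.*)$")
BOOT_RE = re.compile(r"^Bootstrapped (\d+)%")
# OpenSSL error text as Tor logs it: "<reason> (in <library>:<function>:<state>)"
TLS_RE = re.compile(
    r"^TLS error while creating tor_tls_t object: (.*?) \(in (.*?):(.*?):")


def triage(log_text):
    """Correlate tor_tls_t warnings with bootstrap progress.

    Heuristic (an assumption of this example): a warning is 'blocking'
    if bootstrap never advanced past the percentage at which the last
    warning was logged.
    """
    progress = 0
    warnings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in Tor's log format
        stamp, level, msg = m.groups()
        boot = BOOT_RE.match(msg)
        if boot:
            progress = int(boot.group(1))
            continue
        tls = TLS_RE.match(msg)
        if level == "warn" and tls:
            warnings.append({"time": stamp, "at_percent": progress,
                             "reason": tls.group(1),
                             "library": tls.group(2),
                             "function": tls.group(3)})
    blocking = bool(warnings) and progress <= warnings[-1]["at_percent"]
    return {"final_percent": progress, "tls_warnings": warnings,
            "blocking": blocking}
```
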