[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Still problems with TLS negotiation
On Sat, 2 Jan 2010 16:02:23 -0500 grarpamp <grarpamp@xxxxxxxxx>
wrote:
>FreeBSD RELENG_8 20091229T1432 works fine from current sources:
>
>openssl version -v -p
> OpenSSL 0.9.8k 25 Mar 2009
However, if one installs openssl from the ports tree, it will be
version 0.9.8l instead.
> platform: FreeBSD-i386
>mkdir tor ; cd tor
>tar -xf /.../openssl-0.9.8l.tar.gz
>tar -xf /.../libevent-1.4.13-stable.tar.gz
>tar -xf /.../tor-0.2.1.21.tar.gz
>c () { /usr/bin/env - PATH=/usr/bin:/bin:/usr/sbin:/sbin /bin/sh -c "$1" ; }
>cd openssl-0.9.8l
> c './config --prefix=$(realpath ..) no-sse2 shared enable-camellia'
> c 'make depend ; make ; make install_docs install_sw'
> cd ..
>cd libevent-1.4.13-stable
> c './configure --prefix=$(realpath ..) ; make ; make install'
> cd ..
>cd tor-0.2.1.21
> c 'CPPFLAGS=-static LDFLAGS=-static ./configure --prefix=$(realpath
>..) --with-openssl-dir=$(realpath ..) --with-libevent-dir=$(realpath
>..)'
> c 'make ; make install'
> cd ..
>./bin/tor <args>
It is not necessary to link with static libraries. Here is an excerpt
from something I posted to freebsd-questions a while back in response to
a query from a lady having the same kind of problem with mutt.
+Subject: Re: Mutt and openssl from port
+
+ On Sat, 12 Dec 2009 21:46:27 +0200 Lena@xxxxxxxxxxxx wrote:
+>7.1-PRERELEASE. I'd like Mutt to use zlib compression when connecting to pop3s.
+>openssl in base doesn't support zlib. I installed openssl port from package
+>(in the port zlib in on by default), wrote in make.conf:
+>
+>WITH_OPENSSL_PORT=yes
+>
+>and `portupgrade -f mutt`. However, Mutt still uses openssl from base:
+>
+>~ $ ldd /usr/local/bin/mutt
+>/usr/local/bin/mutt:
+> libncursesw.so.7 => /lib/libncursesw.so.7 (0x28103000)
+> libssl.so.5 => /usr/lib/libssl.so.5 (0x2814f000)
+> libcrypto.so.5 => /lib/libcrypto.so.5 (0x28190000)
+> libintl.so.8 => /usr/local/lib/libintl.so.8 (0x282ea000)
+> libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x282f3000)
+> libc.so.7 => /lib/libc.so.7 (0x283ea000)
+>
+ Right. We tor users just went through that, too. The problem is that
+what WITH_OPENSSL_PORT=YES does is to add -L/usr/local/lib to the cc or gcc
+command that does the link edit step. However, that adds the desired
+directory to the *end* of the list of directories to be searched, when what
+you want is to put it at the beginning of the list. What I ended up doing
+was to add LDFLAGS="-rpath=/usr/local/lib" to the ./configure step for tor,
+so you may want to take a look at the "make config" target to see how best
+to do that for mutt. Be careful that the use of -rpath won't cause it to
+include libraries from /usr/local/lib instead of from the base system for
+other stuff where you might not want that to happen.
>...
>Jan 02 xx:xx:xx.xxx [notice] Bootstrapped 100%: Done.
>
>Tor should be made to emit both the libevent and openssl version
>strings upon startup.
Yes, that would also be nice to have.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/