Strange it happens all the time with OpenSSL 1.0.1c<br>Even with the non-debian version.<br>I tried the vanilla OpenSSL with only the patch for "linux-mipsel" in Configure.<br><br>When it performs it's handshake it will still spawn the message:<br>
Jun 25 20:57:31.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)<br>Jun 25 20:57:31.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)<br>
<br>However Tor continues to work fine.<br>I think the warning can be ignored because Tor has been compiled with "--enable-static-openssl"<br>Also OpenSSL has been compiled with "enable-tlsext" and I've checked my static libssl.a with mipsel-linux-objdump and the tls symbols are there.<br>
<br>So I guess Tor looks for the shared tls extension first (which doesn't exist) and then continues with its statically linked tls-enabled-openssl instead.<br><br>Would Tor fail to connect without tls?<br><br><br><div class="gmail_quote">
2012/6/22 Gino Badouri <span dir="ltr"><<a href="mailto:g.badouri@gmail.com" target="_blank">g.badouri@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Nick,<br><br>Thanks for your response.<br>I've recompiled Tor with --disable-linker-hardening and --disable-gcc-hardening but I still get the warning regarding tls support.<br><br>Jun 22 18:00:04.000 [notice] Tor 0.2.3.17-beta opening new log file.<br>
Jun 22 18:00:04.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.<br>Jun 22 18:00:05.000 [notice] No AES engine found; using AES_* functions.<br>Jun 22 18:00:05.000 [notice] This OpenSSL has a good implementation of counter mode; using it.<br>
Jun 22 18:00:06.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation<br>Jun 22 18:00:12.000 [notice] Reloaded microdescriptor cache. Found 0 descriptors.<br>
Jun 22 18:00:12.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.<br>Jun 22 18:00:13.000 [notice] Bootstrapped 5%: Connecting to directory server.<br>
Jun 22 18:00:13.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1 circuits open. I've sent 0 kB and received 0 kB.<br>
Jun 22 18:00:13.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.<br>Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)<br>
Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)<br>Jun 22 18:00:14.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection.<br>
Jun 22 18:00:14.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus.<br>Jun 22 18:00:14.000 [notice] Bootstrapped 25%: Loading networkstatus consensus.<br>Jun 22 18:00:17.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.<br>
Jun 22 18:00:18.000 [notice] Bootstrapped 40%: Loading authority key certs.<br>Jun 22 18:00:21.000 [notice] Bootstrapped 45%: Asking for relay descriptors.<br>Jun 22 18:00:21.000 [notice] I learned some more directory information, but not enough to build a circuit: We have only 0/2920 usable microdescriptors.<br>
Jun 22 18:00:42.000 [notice] We now have enough directory information to build circuits.<br>Jun 22 18:00:42.000 [notice] Bootstrapped 80%: Connecting to the Tor network.<br>Jun 22 18:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.<br>
Jun 22 18:00:47.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.<br>Jun 22 18:00:47.000 [notice] Bootstrapped 100%: Done.<br><br>It could be that Debian FIPS' version of OpenSSL 1.0.1c is causing this problem.<br>
But it was only "mipsel" patch for OpenSSL 1.0.1c I could find.<br><br>I'll try the stable build of Tor and report back.<div class="HOEnZb"><div class="h5"><br><br><div class="gmail_quote">2012/6/21 Nick Mathewson <span dir="ltr"><<a href="mailto:nickm@alum.mit.edu" target="_blank">nickm@alum.mit.edu</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On Thu, Jun 21, 2012 at 5:05 PM, Gino Badouri <<a href="mailto:g.badouri@gmail.com" target="_blank">g.badouri@gmail.com</a>> wrote:<br>
> Hi there,<br>
><br>
> My goal is to run Tor on small cluster of embedded mips devices.<br>
> Because the platform runs on an older version of OpenSSL and libevent I have<br>
> chosen to statically link them with Tor.<br>
><br>
> So I went ahead to compile the components.<br>
> I'm aiming at the beta version: 0.2.3.17<br>
><br>
> OpenSSL 1.0.1c has been build with:<br>
> ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2<br>
><br>
><br>
> libevent-2.0.19-stable has been built with:<br>
> ./configure --enable-openssl --disable-debug-mode --with-pic<br>
<br>
</div>Hm. Just to rule something out that got added in 0.2.3.17-beta: could<br>
you try configuring Tor with --disable-compiler-hardening and<br>
--disable-linker-hardening, and see if that makes a difference?<br>
_______________________________________________<br>
tor-dev mailing list<br>
<a href="mailto:tor-dev@lists.torproject.org" target="_blank">tor-dev@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br>
</blockquote></div><br>
</div></div></blockquote></div><br>