[tor-dev] TLS warning using static OpenSSL 1.0.1c

Fri Jun 22 16:06:17 UTC 2012

Hi Nick,

Thanks for your response.
I've recompiled Tor with --disable-linker-hardening and
--disable-gcc-hardening but I still get the warning regarding tls support.

Jun 22 18:00:04.000 [notice] Tor 0.2.3.17-beta opening new log file.
Jun 22 18:00:04.000 [warn] You are running Tor as root. You don't need to,
and you probably shouldn't.
Jun 22 18:00:05.000 [notice] No AES engine found; using AES_* functions.
Jun 22 18:00:05.000 [notice] This OpenSSL has a good implementation of
counter mode; using it.
Jun 22 18:00:06.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like
version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jun 22 18:00:12.000 [notice] Reloaded microdescriptor cache.  Found 0
descriptors.
Jun 22 18:00:12.000 [notice] I learned some more directory information, but
not enough to build a circuit: We have no usable consensus.
Jun 22 18:00:13.000 [notice] Bootstrapped 5%: Connecting to directory
server.
Jun 22 18:00:13.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1
circuits open. I've sent 0 kB and received 0 kB.
Jun 22 18:00:13.000 [notice] Bootstrapped 10%: Finishing handshake with
directory server.
Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could
not load the shared library (in DSO support routines:DLFCN_LOAD:---)
Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could
not load the shared library (in DSO support routines:DSO_load:---)
Jun 22 18:00:14.000 [notice] Bootstrapped 15%: Establishing an encrypted
directory connection.
Jun 22 18:00:14.000 [notice] Bootstrapped 20%: Asking for networkstatus
consensus.
Jun 22 18:00:14.000 [notice] Bootstrapped 25%: Loading networkstatus
consensus.
Jun 22 18:00:17.000 [notice] I learned some more directory information, but
not enough to build a circuit: We have no usable consensus.
Jun 22 18:00:18.000 [notice] Bootstrapped 40%: Loading authority key certs.
Jun 22 18:00:21.000 [notice] Bootstrapped 45%: Asking for relay descriptors.
Jun 22 18:00:21.000 [notice] I learned some more directory information, but
not enough to build a circuit: We have only 0/2920 usable microdescriptors.
Jun 22 18:00:42.000 [notice] We now have enough directory information to
build circuits.
Jun 22 18:00:42.000 [notice] Bootstrapped 80%: Connecting to the Tor
network.
Jun 22 18:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jun 22 18:00:47.000 [notice] Tor has successfully opened a circuit. Looks
like client functionality is working.
Jun 22 18:00:47.000 [notice] Bootstrapped 100%: Done.

It could be that Debian FIPS' version of OpenSSL 1.0.1c is causing this
problem.
But it was only "mipsel" patch for OpenSSL 1.0.1c I could find.

I'll  try the stable build of Tor and report back.

2012/6/21 Nick Mathewson <nickm at alum.mit.edu>

> On Thu, Jun 21, 2012 at 5:05 PM, Gino Badouri <g.badouri at gmail.com> wrote:
> > Hi there,
> >
> > My goal is to run Tor on small cluster of embedded mips devices.
> > Because the platform runs on an older version of OpenSSL and libevent I
> have
> > chosen to statically link them with Tor.
> >
> > So I went ahead to compile the components.
> > I'm aiming at the beta version: 0.2.3.17
> >
> > OpenSSL 1.0.1c has been build with:
> > ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
> >
> >
> > libevent-2.0.19-stable has been built with:
> > ./configure --enable-openssl --disable-debug-mode --with-pic
>
> Hm.  Just to rule something out that got added in 0.2.3.17-beta: could
> you try configuring Tor with --disable-compiler-hardening and
> --disable-linker-hardening, and see if that makes a difference?
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20120622/b5aee788/attachment.html>