[tor-dev] TLS warning using static OpenSSL 1.0.1c

Gino Badouri g.badouri at gmail.com
Mon Jun 25 19:27:35 UTC 2012 

Strange it happens all the time with OpenSSL 1.0.1c
Even with the non-debian version.
I tried the vanilla OpenSSL with only the patch for "linux-mipsel" in
Configure.

When it performs it's handshake it will still spawn the message:
Jun 25 20:57:31.000 [warn] TLS error while creating tor_tls_t object: could
not load the shared library (in DSO support routines:DLFCN_LOAD:---)
Jun 25 20:57:31.000 [warn] TLS error while creating tor_tls_t object: could
not load the shared library (in DSO support routines:DSO_load:---)

However Tor continues to work fine.
I think the warning can be ignored because Tor has been compiled with
"--enable-static-openssl"
Also OpenSSL has been compiled with "enable-tlsext" and I've checked my
static libssl.a with mipsel-linux-objdump and the tls symbols are there.

So I guess Tor looks for the shared tls extension first (which doesn't
exist) and then continues with its statically linked tls-enabled-openssl
instead.

Would Tor fail to connect without tls?


2012/6/22 Gino Badouri <g.badouri at gmail.com>

> Hi Nick,
>
> Thanks for your response.
> I've recompiled Tor with --disable-linker-hardening and
> --disable-gcc-hardening but I still get the warning regarding tls support.
>
> Jun 22 18:00:04.000 [notice] Tor 0.2.3.17-beta opening new log file.
> Jun 22 18:00:04.000 [warn] You are running Tor as root. You don't need to,
> and you probably shouldn't.
> Jun 22 18:00:05.000 [notice] No AES engine found; using AES_* functions.
> Jun 22 18:00:05.000 [notice] This OpenSSL has a good implementation of
> counter mode; using it.
> Jun 22 18:00:06.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like
> version 0.9.8m or later; I will try SSL_OP to enable renegotiation
> Jun 22 18:00:12.000 [notice] Reloaded microdescriptor cache.  Found 0
> descriptors.
> Jun 22 18:00:12.000 [notice] I learned some more directory information,
> but not enough to build a circuit: We have no usable consensus.
> Jun 22 18:00:13.000 [notice] Bootstrapped 5%: Connecting to directory
> server.
> Jun 22 18:00:13.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1
> circuits open. I've sent 0 kB and received 0 kB.
> Jun 22 18:00:13.000 [notice] Bootstrapped 10%: Finishing handshake with
> directory server.
> Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object:
> could not load the shared library (in DSO support routines:DLFCN_LOAD:---)
> Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object:
> could not load the shared library (in DSO support routines:DSO_load:---)
> Jun 22 18:00:14.000 [notice] Bootstrapped 15%: Establishing an encrypted
> directory connection.
> Jun 22 18:00:14.000 [notice] Bootstrapped 20%: Asking for networkstatus
> consensus.
> Jun 22 18:00:14.000 [notice] Bootstrapped 25%: Loading networkstatus
> consensus.
> Jun 22 18:00:17.000 [notice] I learned some more directory information,
> but not enough to build a circuit: We have no usable consensus.
> Jun 22 18:00:18.000 [notice] Bootstrapped 40%: Loading authority key certs.
> Jun 22 18:00:21.000 [notice] Bootstrapped 45%: Asking for relay
> descriptors.
> Jun 22 18:00:21.000 [notice] I learned some more directory information,
> but not enough to build a circuit: We have only 0/2920 usable
> microdescriptors.
> Jun 22 18:00:42.000 [notice] We now have enough directory information to
> build circuits.
> Jun 22 18:00:42.000 [notice] Bootstrapped 80%: Connecting to the Tor
> network.
> Jun 22 18:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
> Jun 22 18:00:47.000 [notice] Tor has successfully opened a circuit. Looks
> like client functionality is working.
> Jun 22 18:00:47.000 [notice] Bootstrapped 100%: Done.
>
> It could be that Debian FIPS' version of OpenSSL 1.0.1c is causing this
> problem.
> But it was only "mipsel" patch for OpenSSL 1.0.1c I could find.
>
> I'll  try the stable build of Tor and report back.
>
>
> 2012/6/21 Nick Mathewson <nickm at alum.mit.edu>
>
>> On Thu, Jun 21, 2012 at 5:05 PM, Gino Badouri <g.badouri at gmail.com>
>> wrote:
>> > Hi there,
>> >
>> > My goal is to run Tor on small cluster of embedded mips devices.
>> > Because the platform runs on an older version of OpenSSL and libevent I
>> have
>> > chosen to statically link them with Tor.
>> >
>> > So I went ahead to compile the components.
>> > I'm aiming at the beta version: 0.2.3.17
>> >
>> > OpenSSL 1.0.1c has been build with:
>> > ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
>> >
>> >
>> > libevent-2.0.19-stable has been built with:
>> > ./configure --enable-openssl --disable-debug-mode --with-pic
>>
>> Hm.  Just to rule something out that got added in 0.2.3.17-beta: could
>> you try configuring Tor with --disable-compiler-hardening and
>> --disable-linker-hardening, and see if that makes a difference?
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20120625/36c3281b/attachment.html>

More information about the tor-dev mailing list