[tor-dev] TLS warning using static OpenSSL 1.0.1c

Gino Badouri g.badouri at gmail.com
Tue Jun 26 19:27:58 UTC 2012


It works!
Thanks grarpamp!

Using zlib instead of zlib-dynamic fixed it, like you said.
I had to alter the Makefile and tell the linker where to find my mipsel
libz.so and libz.a and zlib includes.
Also, libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib
too.

I'm only encountering timeouts after the circuit has been established:

Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:53. Giving up. (waiting for circuit)

This is using Tor-2.3.17-beta using static OpenSSL 1.0.1c (no-idea no-mdc2
no-rc5 zlib enable-tlsext no-ssl2) and libevent-2.0.19-stable (bufferevents
enabled)
Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support.

I think the Tor binary is too big at 5.3MB, which is due to libcrypto.a being
4.4MB (stripped).

Would you happen to know which ciphers I can drop from OpenSSL? (so I can
shrink it a bit).


2012/6/25 grarpamp <grarpamp at gmail.com>

> > OpenSSL 1.0.1c has been built with:
> > ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
>
> I've never been able to compile openssl statically such that I could use
> the resultant binary, dynlib and statlib it everywhere needed. Nor does
> zlib play right in that. More on the ssl mail list.
>
> > could not load the shared library (in DSO support routines
>
> I remember something like that before. Redo your openssl without
> 'zlib-dynamic'. Redo libevent against that. Then do Tor as static.
> I think that should make it go away.
>
> Be sure libevent/tor ./configure's are pointed against ssl you compiled,
> and not default system libs.
>
> I also think 'enable-tlsext' is redundant in that ./config probably
> includes it automatically now, as with no-ssl2. See: openssl ciphers -v.