[tor-dev] TLS warning using static OpenSSL 1.0.1c
Gino Badouri
g.badouri at gmail.com
Fri Jun 29 22:32:51 UTC 2012
Thanks for the heads up.
I got it working on my mipsel box.
First of all I switched to 2.3.18-rc git.
I build the latest zlib 1.2.7 with -fPIC and -DPIC (seems to be required
for mipsel).
I recompiled and reinstalled OpenSSL 1.0.1 with "shared no-ssl2
enable-tlsext"
"shared" also seems to build the static libraries aswell.
Then I reconpiled and libevent 2.0.19-stable.
For libevent I also used the --with-pic and pointed the ./configure to my
compiled zlib 1.2.7
Also I left out the "--disable-debug-option" this time.
Now for Tor, it seems that this "bufferevents"-options causes problems.
I threw away the log but it makes setting up the circuit very slow and
after a while I'm getting timeouts and errors about "connections marked for
closing?"
If you want I can rebuild it with bufferevents and send you a detailed log
about it.
Anywyas I build it using these options:
./configure --host=mipsel-oe-linux --prefix=/usr --localstatedir=/var
--sysconfdir=/etc \
--with-openssl-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib
\
--with-zlib-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib
\
--with-libevent-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib
\
--enable-static-libevent --disable-asciidoc --enable-static-zlib
--enable-static-openssl \
CPPFLAGS="-I/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/include"
\
LDFLAGS="-L/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib"
LIBS="-lz"
The resulting binary is still 5Megs after I manually stripped it, but it
seems to work :)
I still can't configure with --enable-static-tor though.
The OpenSSL test will fail with:
configure:6940: mipsel-oe-linux-gcc -o conftest -static
-I/usr/local/include
-I/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/include
-I${top_srcdir}/src/common -L/usr/local/lib
-L/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib
conftest.c -lpthread -lrt -ldl -lz -lssl -lcrypto >&5
conftest.c: In function 'main':
conftest.c:61: warning: incompatible implicit declaration of built-in
function 'exit'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o):
In function `dlfcn_load':
dso_dlfcn.c:(.text+0x110): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x178): undefined reference to `dlerror'
dso_dlfcn.c:(.text+0x2a8): undefined reference to `dlclose'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o):
In function `dlfcn_unload':
dso_dlfcn.c:(.text+0x44c): undefined reference to `dlclose'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o):
In function `dlfcn_bind_var':
dso_dlfcn.c:(.text+0x64c): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x6b4): undefined reference to `dlerror'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o):
In function `dlfcn_bind_func':
dso_dlfcn.c:(.text+0x900): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x968): undefined reference to `dlerror'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o):
In function `dlfcn_pathbyaddr':
dso_dlfcn.c:(.text+0x10dc): undefined reference to `dladdr'
dso_dlfcn.c:(.text+0x11cc): undefined reference to `dlerror'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o):
In function `dlfcn_globallookup':
dso_dlfcn.c:(.text+0x125c): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x1290): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x12b0): undefined reference to `dlclose'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_init':
c_zlib.c:(.text+0x214): undefined reference to `inflateInit_'
c_zlib.c:(.text+0x2c8): undefined reference to `deflateInit_'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_finish':
c_zlib.c:(.text+0x43c): undefined reference to `inflateEnd'
c_zlib.c:(.text+0x464): undefined reference to `deflateEnd'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_compress_block':
c_zlib.c:(.text+0x5d0): undefined reference to `deflate'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_expand_block':
c_zlib.c:(.text+0x724): undefined reference to `inflate'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o):
In function `bio_zlib_free':
c_zlib.c:(.text+0xb7c): undefined reference to `inflateEnd'
c_zlib.c:(.text+0xbe8): undefined reference to `deflateEnd'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o):
In function `bio_zlib_read':
c_zlib.c:(.text+0xdf8): undefined reference to `inflateInit_'
c_zlib.c:(.text+0xe64): undefined reference to `inflate'
c_zlib.c:(.text+0xedc): undefined reference to `zError'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o):
In function `bio_zlib_write':
c_zlib.c:(.text+0x1274): undefined reference to `deflateInit_'
c_zlib.c:(.text+0x149c): undefined reference to `deflate'
c_zlib.c:(.text+0x1504): undefined reference to `zError'
/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o):
In function `bio_zlib_flush':
c_zlib.c:(.text+0x17e8): undefined reference to `deflate'
c_zlib.c:(.text+0x1874): undefined reference to `zError'
collect2: ld returned 1 exit status
The dso_dlfcn.c errors can be solved by compiling OpenSSL with "no-dso".
However I can't figure out why the static OpenSSL has trouble finding zlib?
I don't think it's a problem because my semi-static binary works well
enough now :)
2012/6/27 grarpamp <grarpamp at gmail.com>
> > I had to alter the Makefile
> > and tell the linker where to find ... libz.so and libz.a and zlib
> includes
>
> If you got a static 'openssl' binary with zlib in it, and both
> .a and .so's for the openssl libs, and libevent and tor compiled
> against that, I'd like to see the openssl diff. I gave up early.
>
> > Also libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib
>
> Yeah, and and for against openssl and libevent too. I left that out.
>
> > I'm only encountering timeouts after the circuit has been established:
> > Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to
> > [scrubbed]:53. Giving up. (waiting for circuit)
>
> Don't know., sounds normal, send a signal newnym.
>
> > static OpenSSL 1.0.1c (... zlib ...)
>
> I think 'zlib' works the same as not specifying any zlib* phrase.
> And that not specifying 'shared' gets you only static libs and
> a dynamic bin, 'shared' adds dyn libs.
>
> > libevent-2.0.19-stable (bufferevents enabled)
> > Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support.
> > I think the Tor binary is too big 5.3MB which is due to libcrypto.a being
> > 4.4MB (stripped).
>
> Tor here is 3487400 bytes, stripped.
>
> > Would you happen to know which ciphers I can drop from OpenSSL? (so I can
> > shrink it a bit).
>
> It's in the torspec docs somewhere. Probably just rsa, dh, aes and x509,
> basics.
> Or try debug in openssl.conf.
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20120630/b5a2ccb7/attachment.html>
More information about the tor-dev
mailing list