[SUCCESS] Re: descriptor published, but router missing from consensus

Scott Bennett bennett at cs.niu.edu
Sun Apr 11 08:59:26 UTC 2010


     On Sat, 10 Apr 2010 14:25:35 +0200 Hans Schnehl <torvallenator at gmail.com>
wrote:
>On Fri, Apr 09, 2010 at 05:53:15PM -0500, Scott Bennett wrote:

     The short and simple:  tor 0.2.2.7-alpha is working correctly again after
I downgraded openssl to 0.9.8n.  That fact, combined with its failure to work
as a relay with openssl 1.0.0, strongly suggests that something crucial in
openssl broke between 0.9.8n and 1.0.0.

>>      On Sat, 10 Apr 2010 00:26:39 +0200 Sebastian Hahn <mail at sebastianhahn.net>
>> wrote:
>> >On Apr 9, 2010, at 11:44 PM, Scott Bennett wrote:
>> >>     Do you know whether anyone else has tor working properly with
>> >> openssl 1.0.0 ?  I'm considering downgrading it back to 0.9.8n as a
>> >> test to begin eliminating different possible sources of trouble.   
>[...]
>
>Tor 0.2.2.10-alpha (git-81b84c0b017267b4) on FreeBSD 8-Stable amd64 
>runs a little bumpy (these are, of course, strictly scientific terms) with
>openssl 1.0.0.  
> Tor is statically compiled against the most  recent libevent (git)  and 
>openssl-1.0.0.
>There's higher load to the cpu with less utilized bandwidt than with
>previous versions.

     I have:

FreeBSD hellas 7.3-STABLE FreeBSD 7.3-STABLE #7: Thu Mar 25 21:28:02 CDT 2010
  bennett at hellas:/usr/obj/usr/src/sys/hellas  i386

Also, I am reluctant to upgrade to 0.2.2.10-alpha unless and until someone
can show me a suitable substitute for .exit for testing the truthfulness of
exit nodes.
>
>Best performance was with Tor 0.2.2.10-alpha (git-81b84c0b017267b4) 
>statically compiled against  libevent-1.4.13 (the one in the FreeBSD

     That's the libevent I'm using, too.

>ports tree) and  openssl-1.0.0-beta5. Probably will build that again in order
>to regain performance. 
>Some change in between O*ssl-1.0.0-beta5 and -stable might be the reason.
> Don't know.
>
>> >> (That
>> >> is what was working before.)  However, it is a bit of a nuisance to do
>> >> that, so I'd rather not do it if it's clear that the openssl version
>> >> isn't the source of my troubles.
>> >
>> >openssl 1.0.0, but we did some testing with the beta versions before
>> >and it seemed to work; afaik. Getting your results with a downgraded
>> 
>[...]
>>      I don't actually know how much work it is because I've never tried
>> it.  There is now a tool called "ports-mgmt/portdowngrade" in the ports
>> tree that I'll need to install first to do the job.  That *shouldn't* be
>[...]
>
>portdowngrade works fine, even if not at all new, by talking to cvs-servers. 
>You might want to save time and nerves by statically compiling the
>tor-binary, though. 
>There's a post in or-talk
>http://archives.seul.org/or/talk/Jan-2010/msg00011.html ( by grarpamp )
>about how to do that.

     That's okay.  If openssl 1.0.0 is broken, then I just won't update from
0.9.8n again until someone reports that a newer version works.  I've already
added a /var/db/pkg/openssl-0.9.8n/+IGNOREME file and also a "-x openssl" to
my list of portmaster -x options for various unbuildable ports, so that a
"portmaster [various options] -a" *should* avoid it.
>
>Just run 'configure' and 'make', _avoid_ 'make install' and drop the
>resulting tor-binary from  /src/or/tor to your PATH. (Remove or hide the
>old one before, of course) 
>
>I do not intend to start a bikeshed discussion about pro's and con's of
>statically compiled binaries, but this saves the nuisance and keeps
>the rest of your system away from  testing different library versions
>three times a day :)
>
     :-)
     As noted above, I will keep only a single version, 0.9.8n, until I know
of a version to which I can safely update.
     On another note, working backward from today, portdowngrade shows the
comment for commission #11 (port version 0.9.8l_2) as:

	- new option WITH_OPENSSL_THREADS

Can anyone tell me what WITH_OPENSSL_THREADS enables and whether it provides
anything new and beneficial for tor relays running on systems with multiple
logical and/or physical CPUs?


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



More information about the tor-relays mailing list