[SUCCESS] Re: descriptor published, but router missing from consensus

DC newswiki at gmail.com
Sun Apr 11 16:52:53 UTC 2010


can you guys guide me where i can have that 0.9.8n version and upgrade ?
and
i got tor 0.2.2.7-alpha  in archive but upon installing it stop
because of being not signed.  is it safe to continue?

On 4/11/10, Scott Bennett <bennett at cs.niu.edu> wrote:
>      On Sat, 10 Apr 2010 14:25:35 +0200 Hans Schnehl
> <torvallenator at gmail.com>
> wrote:
>>On Fri, Apr 09, 2010 at 05:53:15PM -0500, Scott Bennett wrote:
>
>      The short and simple:  tor 0.2.2.7-alpha is working correctly again
> after
> I downgraded openssl to 0.9.8n.  That fact, combined with its failure to
> work
> as a relay with openssl 1.0.0, strongly suggests that something crucial in
> openssl broke between 0.9.8n and 1.0.0.
>
>>>      On Sat, 10 Apr 2010 00:26:39 +0200 Sebastian Hahn
>>> <mail at sebastianhahn.net>
>>> wrote:
>>> >On Apr 9, 2010, at 11:44 PM, Scott Bennett wrote:
>>> >>     Do you know whether anyone else has tor working properly with
>>> >> openssl 1.0.0 ?  I'm considering downgrading it back to 0.9.8n as a
>>> >> test to begin eliminating different possible sources of trouble.
>>[...]
>>
>>Tor 0.2.2.10-alpha (git-81b84c0b017267b4) on FreeBSD 8-Stable amd64
>>runs a little bumpy (these are, of course, strictly scientific terms) with
>>openssl 1.0.0.
>> Tor is statically compiled against the most  recent libevent (git)  and
>>openssl-1.0.0.
>>There's higher load to the cpu with less utilized bandwidt than with
>>previous versions.
>
>      I have:
>
> FreeBSD hellas 7.3-STABLE FreeBSD 7.3-STABLE #7: Thu Mar 25 21:28:02 CDT
> 2010
>   bennett at hellas:/usr/obj/usr/src/sys/hellas  i386
>
> Also, I am reluctant to upgrade to 0.2.2.10-alpha unless and until someone
> can show me a suitable substitute for .exit for testing the truthfulness of
> exit nodes.
>>
>>Best performance was with Tor 0.2.2.10-alpha (git-81b84c0b017267b4)
>>statically compiled against  libevent-1.4.13 (the one in the FreeBSD
>
>      That's the libevent I'm using, too.
>
>>ports tree) and  openssl-1.0.0-beta5. Probably will build that again in
>> order
>>to regain performance.
>>Some change in between O*ssl-1.0.0-beta5 and -stable might be the reason.
>> Don't know.
>>
>>> >> (That
>>> >> is what was working before.)  However, it is a bit of a nuisance to do
>>> >> that, so I'd rather not do it if it's clear that the openssl version
>>> >> isn't the source of my troubles.
>>> >
>>> >openssl 1.0.0, but we did some testing with the beta versions before
>>> >and it seemed to work; afaik. Getting your results with a downgraded
>>>
>>[...]
>>>      I don't actually know how much work it is because I've never tried
>>> it.  There is now a tool called "ports-mgmt/portdowngrade" in the ports
>>> tree that I'll need to install first to do the job.  That *shouldn't* be
>>[...]
>>
>>portdowngrade works fine, even if not at all new, by talking to
>> cvs-servers.
>>You might want to save time and nerves by statically compiling the
>>tor-binary, though.
>>There's a post in or-talk
>>http://archives.seul.org/or/talk/Jan-2010/msg00011.html ( by grarpamp )
>>about how to do that.
>
>      That's okay.  If openssl 1.0.0 is broken, then I just won't update from
> 0.9.8n again until someone reports that a newer version works.  I've already
> added a /var/db/pkg/openssl-0.9.8n/+IGNOREME file and also a "-x openssl" to
> my list of portmaster -x options for various unbuildable ports, so that a
> "portmaster [various options] -a" *should* avoid it.
>>
>>Just run 'configure' and 'make', _avoid_ 'make install' and drop the
>>resulting tor-binary from  /src/or/tor to your PATH. (Remove or hide the
>>old one before, of course)
>>
>>I do not intend to start a bikeshed discussion about pro's and con's of
>>statically compiled binaries, but this saves the nuisance and keeps
>>the rest of your system away from  testing different library versions
>>three times a day :)
>>
>      :-)
>      As noted above, I will keep only a single version, 0.9.8n, until I know
> of a version to which I can safely update.
>      On another note, working backward from today, portdowngrade shows the
> comment for commission #11 (port version 0.9.8l_2) as:
>
> 	- new option WITH_OPENSSL_THREADS
>
> Can anyone tell me what WITH_OPENSSL_THREADS enables and whether it provides
> anything new and beneficial for tor relays running on systems with multiple
> logical and/or physical CPUs?
>
>
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
>



More information about the tor-relays mailing list