[tor-relays] building Tor against LibreSSL 2.1.1 fails with "undefined reference to `EVP_aes_128_ctr'" error

Nick Mathewson nickm at freehaven.net
Mon Dec 29 00:01:12 UTC 2014

On Wed, Dec 24, 2014 at 5:15 PM, Seth <list at sysfu.com> wrote:
> On Tue, 23 Dec 2014 09:16:56 -0800, Nick Mathewson <nickm at freehaven.net>
> wrote:
>> Strange!  There is code in git master that is supposed to prevent
>> this.
> Yes, I thought it had been fixed by your commit from this ticket
> https://trac.torproject.org/projects/tor/ticket/13325
>> The current Tor's "find_cipher_by_id" is supposed to avoid
>> looking at the get_cipher_by_id field.  Do you really get the same
>> errors with master, or is the error different?
> Makes no difference, same error for master branch as the rest.
> latest Git - master branch - git clone https://git.torproject.org/git/tor
> -------------------------------------------------------------------------
> # cd tor; git status
> On branch master
> Your branch is up-to-date with 'origin/master'.
> nothing to commit, working directory clean
> # sh autogen.sh ; ./configure --with-openssl-dir=/usr/local
> --disable-asciidoc ; make
> src/common/tortls.c: In function 'find_cipher_by_id':
> src/common/tortls.c:1478: error: 'SSL_METHOD' has no member named
> 'get_cipher_by_char'
> src/common/tortls.c:1484: error: 'SSL_METHOD' has no member named
> 'get_cipher_by_char'
> *** [src/common/tortls.o] Error code 1

Huh.  So, that code is wrapped inside a block that does


And that macro is supposed to be defined by autoconf if it sees the
get_cipher_by_char method in SSL_METHOD_ST.

Hm.  Maybe the problem is in our (notoriously wonky) SSL library detection!

Maybe the autoconf script is looking at the headers in /usr/include,
instead of /usr/local/include ? That would mess it up.

Instead of using --with-openssl-dir=/usr/local, what happens if you
set CFLAGS and LDFLAGS by hand when compiling?

If that works, then the underlying bug here is actually the library
detection issues in

For the meantime, is there a compiler macro we can use to distinguish
libressl from openssl at compile-time?

More information about the tor-relays mailing list