Still problems with TLS negotiation

Scott Bennett bennett at cs.niu.edu
Sun Jan 3 07:40:31 UTC 2010


     On Sat, 2 Jan 2010 16:02:23 -0500 grarpamp <grarpamp at gmail.com>
wrote:
>FreeBSD RELENG_8 20091229T1432 works fine from current sources:
>
>openssl version -v -p
> OpenSSL 0.9.8k 25 Mar 2009

     However, if one installs openssl from the ports tree, it will be
version 0.9.8l instead.

> platform: FreeBSD-i386
>mkdir tor ; cd tor
>tar -xf /.../openssl-0.9.8l.tar.gz
>tar -xf /.../libevent-1.4.13-stable.tar.gz
>tar -xf /.../tor-0.2.1.21.tar.gz
>c () { /usr/bin/env - PATH=/usr/bin:/bin:/usr/sbin:/sbin /bin/sh -c "$1" ; }
>cd openssl-0.9.8l
> c './config --prefix=$(realpath ..) no-sse2 shared enable-camellia'
> c 'make depend ; make ; make install_docs install_sw'
> cd ..
>cd libevent-1.4.13-stable
> c './configure --prefix=$(realpath ..) ; make ; make install'
> cd ..
>cd tor-0.2.1.21
> c 'CPPFLAGS=-static LDFLAGS=-static ./configure --prefix=$(realpath ..) --with-openssl-dir=$(realpath ..) --with-libevent-dir=$(realpath ..)'
> c 'make ; make install'
> cd ..
>./bin/tor <args>

     It is not necessary to link with static libraries.  Here is an excerpt
from something I posted to freebsd-questions a while back in response to
a query from a lady having the same kind of problem with mutt.

+Subject:  Re:  Mutt and openssl from port
+
+     On Sat, 12 Dec 2009 21:46:27 +0200 Lena at lena.kiev.ua wrote:
+>7.1-PRERELEASE. I'd like Mutt to use zlib compression when connecting to pop3s.
+>openssl in base doesn't support zlib. I installed openssl port from package
+>(in the port zlib is on by default), wrote in make.conf:
+>
+>WITH_OPENSSL_PORT=yes
+>
+>and `portupgrade -f mutt`. However, Mutt still uses openssl from base:
+>
+>~ $ ldd /usr/local/bin/mutt
+>/usr/local/bin/mutt:
+>        libncursesw.so.7 => /lib/libncursesw.so.7 (0x28103000)
+>        libssl.so.5 => /usr/lib/libssl.so.5 (0x2814f000)
+>        libcrypto.so.5 => /lib/libcrypto.so.5 (0x28190000)
+>        libintl.so.8 => /usr/local/lib/libintl.so.8 (0x282ea000)
+>        libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x282f3000)
+>        libc.so.7 => /lib/libc.so.7 (0x283ea000)
+>
+     Right.  We tor users just went through that, too.  The problem is that
+what WITH_OPENSSL_PORT=YES does is to add -L/usr/local/lib to the cc or gcc
+command that does the link edit step.  However, that adds the desired
+directory to the *end* of the list of directories to be searched, when what
+you want is to put it at the beginning of the list.  What I ended up doing
+was to add LDFLAGS="-rpath=/usr/local/lib" to the ./configure step for tor,
+so you may want to take a look at the "make config" target to see how best
+to do that for mutt.  Be careful that the use of -rpath won't cause it to
+include libraries from /usr/local/lib instead of from the base system for
+other stuff where you might not want that to happen.

>...
>Jan 02 xx:xx:xx.xxx [notice] Bootstrapped 100%: Done.
>
>Tor should be made to emit both the libevent and openssl version
>strings upon startup.

     Yes, that would also be nice to have.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
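
A check for the situation described in the message above, added here as an example and not part of the original post: it reads `ldd` output and reports whether libssl and libcrypto resolve from the port directory or from somewhere else. `ssl_origin` is a hypothetical helper name, and the second sample input is constructed.

```sh
#!/bin/sh
# Added example: report where libssl/libcrypto resolve in ldd output.
# ssl_origin is a hypothetical helper name, not part of any tool.

# Reads ldd output on stdin; $1 is the directory the port installs into.
# Prints one line per libssl/libcrypto entry: "<soname> <path> <port|other>".
# Returns 0 only if at least one such library was seen and all are under $1.
ssl_origin() {
    awk -v prefix="$1" '
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            seen = 1
            where = (index($3, prefix "/") == 1) ? "port" : "other"
            if (where == "other") bad = 1
            print $1, $3, where
        }
        END { if (seen && !bad) exit 0; exit 1 }
    '
}

# ldd output quoted in the message above (mutt linked against base OpenSSL).
BASE_LDD='/usr/local/bin/mutt:
        libncursesw.so.7 => /lib/libncursesw.so.7 (0x28103000)
        libssl.so.5 => /usr/lib/libssl.so.5 (0x2814f000)
        libcrypto.so.5 => /lib/libcrypto.so.5 (0x28190000)
        libc.so.7 => /lib/libc.so.7 (0x283ea000)'

# Constructed sample: what a binary linked against the port might show.
PORT_LDD='/usr/local/bin/tor:
        libssl.so.5 => /usr/local/lib/libssl.so.5 (0x2814f000)
        libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x28190000)
        libc.so.7 => /lib/libc.so.7 (0x283ea000)'

printf '%s\n' "$BASE_LDD" | ssl_origin /usr/local/lib || echo "base OpenSSL in use"
printf '%s\n' "$PORT_LDD" | ssl_origin /usr/local/lib && echo "port OpenSSL in use"
```

On a live system the input would come from `ldd` on the installed binary, piped into the function in place of the embedded samples.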