Opened 6 years ago

Closed 5 years ago

#12602 closed defect (fixed)

Tor fails to build on SSL with no compression.

Reported by: dhill
Owned by:
Priority: Medium
Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor
Version: Tor: unspecified
Severity:
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

OpenBSD removed compression from LibreSSL, so tor no longer compiles due to comp_methods missing.

This patch allows it to compile once again... but not sure if this is the best way.

/* Don't actually allow compression; it uses ram and time, but the data

  • we transmit is all encrypted anyway. */
  • if (result->ctx->comp_methods)
  • result->ctx->comp_methods = NULL;

+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);
+

Change History (6)

comment:1 Changed 6 years ago by dhill

--- src/common/tortls.c.orig    Wed May  7 23:20:58 2014
+++ src/common/tortls.c Fri Jul 11 17:10:05 2014
@@ -1347,8 +1347,8 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned in
   }
   /* Don't actually allow compression; it uses ram and time, but the data
    * we transmit is all encrypted anyway. */
-  if (result->ctx->comp_methods)
-    result->ctx->comp_methods = NULL;
+  SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);
+
 #ifdef SSL_MODE_RELEASE_BUFFERS
   SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
 #endif
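
Review bot: The added SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION) call is unguarded, while the SSL_MODE_RELEASE_BUFFERS call in the context lines right below it is wrapped in #ifdef. If this file is ever built against a library whose headers do not define SSL_OP_NO_COMPRESSION, this line fails to compile in the same way the comp_methods access did. Wrapping the call in #ifdef SSL_OP_NO_COMPRESSION would match the convention already used for SSL_MODE_RELEASE_BUFFERS. The trailing blank "+" line can be dropped.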

comment:2 Changed 6 years ago by dhill

OpenBSD came up with
--- src/common/tortls.c.orig    Sat Jul 12 15:52:08 2014

+++ src/common/tortls.c Sat Jul 12 15:53:06 2014

@@ -1345,10 +1345,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned in

     SSL_CTX_set_options(result->ctx,

                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);

   }

+#ifndef OPENSSL_NO_COMP

   /* Don't actually allow compression; it uses ram and time, but the data

    * we transmit is all encrypted anyway. */

   if (result->ctx->comp_methods)

     result->ctx->comp_methods = NULL;

+#endif

 #ifdef SSL_MODE_RELEASE_BUFFERS

   SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);

 #endif
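
Review bot: Inside the new #ifndef OPENSSL_NO_COMP guard, the code still reads and writes result->ctx->comp_methods directly, so the build keeps depending on the internal layout of the context struct, which is the dependency that broke it here. When OPENSSL_NO_COMP is defined nothing in this hunk states that compression is off; it relies on the library having none. Consider requesting it through SSL_CTX_set_options with SSL_OP_NO_COMPRESSION where that macro is defined (as in the patch from comment:1) and keeping the field write only as a fallback, so the intent stays explicit on every build.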

comment:3 Changed 6 years ago by nickm

Milestone: Tor: 0.2.5.x-final

comment:4 Changed 6 years ago by nickm

Milestone: Tor: 0.2.5.x-final → Tor: 0.2.4.x-final
Status: new → needs_review

Looks good to me. I just put this in a branch called "bug12602_024" and merged it to 0.2.5. I'm marking it as a possible backport to 0.2.4.

(With this patch, does Tor build and work happily with LibreSSL?)

comment:5 Changed 6 years ago by dhill

Yes, this builds and works just fine.

comment:6 Changed 5 years ago by nickm

Milestone: Tor: 0.2.4.x-final → Tor: 0.2.5.x-final
Resolution: fixed
Status: needs_review → closed

No backport at this point for per-platform build fixes or startup fixes in 0.2.4. Just upgrade to 0.2.5, ok?
