Opened 12 years ago

Last modified 7 years ago

#616 closed defect (Fixed)

0.2.1.0-alpha-dev does not compile on Dapper amd64

Reported by: karsten
Owned by: nickm
Priority: Low
Milestone:
Component: Core Tor/Tor
Version: 0.2.0.20-rc
Severity:
Keywords:
Cc: karsten, nickm
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Compiling 0.2.1.0-alpha-dev (r13786) exits with the following error:

tortls.c: In function ‘tor_tls_new’:
tortls.c:738: error: ‘TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA’ undeclared (first use in this function)

This happens only on Dapper amd64, while compiling on Dapper x86 and Gutsy x86 works fine.

On both machines, openssl version and ciphers are as follows:

/usr/local/ssl/bin/openssl version
OpenSSL 0.9.8g 19 Oct 2007

/usr/local/ssl/bin/openssl ciphers (manually inserted line breaks)
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:
EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:
DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:
RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:
DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:
EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5

The libevent version is in both cases 1.3e.

Configuration is done with:

./configure --with-libevent-dir=/usr/local/lib/ --with-openssl-dir=/usr/local/ssl/lib/

After commenting out the following ciphers from CLIENT_CIPHER_LIST in tortls.c, compilation works again:

TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA

[Automatically added by flyspray2trac: Operating System: Other Linux]

Change History (4)

comment:1 Changed 12 years ago by karsten

Bug solved by lodger: The problem was that when configuring Tor with "./configure --with-openssl-dir=/usr/local/ssl/lib/", the system-provided OpenSSL headers (0.9.8a) were used instead of the headers in /usr/local/ssl/ (0.9.8g). Changing the configure line to "./configure --with-openssl-dir=/usr/local/ssl/" makes it work again by using the 0.9.8g headers.

The reason is that the six ciphers mentioned above were introduced in 0.9.8b, and not, as tortls.c assumes, in 0.9.8. A possible fix is to use the long cipher list in tortls.c only with 0.9.8b or later (fix proposed by killerchicken). This is performed in the patch below:

Index: /home/karsten/tor/tor-trunk/src/common/tortls.c
===================================================================
--- /home/karsten/tor/tor-trunk/src/common/tortls.c (revision 13778)
+++ /home/karsten/tor/tor-trunk/src/common/tortls.c (working copy)
@@ -432,7 +432,7 @@

  • SSL3_TXT_RSA_NULL_SHA. If you do this, you won't be able to communicate
  • with any of the "real" Tors, though. */


-#if OPENSSL_VERSION_NUMBER >= 0x00908000l
+#if OPENSSL_VERSION_NUMBER >= 0x00908020l

#define CLIENT_CIPHER_LIST \

(TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ":" \

TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA ":" \
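
Review bot: the new threshold on the changed #if line, 0x00908020l, has a status nibble of 0, so it also admits 0.9.8b development snapshots and not only the 0.9.8b release, whose OPENSSL_VERSION_NUMBER is 0x0090802f. If the intent is "0.9.8b or later", compare against 0x0090802fL. Since the reported failure was an undeclared identifier, an additional guard such as #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA would tie the long cipher list to the macros actually being present in the headers rather than to a version number alone. The lowercase l suffix is easy to misread as the digit 1; an uppercase L is clearer. A one-line comment above the #if stating that the ECDHE names first appear in 0.9.8b would also explain the otherwise arbitrary constant.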

End of patch

A more sophisticated patch might be to distinguish whether the OpenSSL version is 0.9.8/0.9.8a or 0.9.8b/higher and provide different cipher lists for the two cases. However, this might make things complicated without having a real gain.

A second patch could be to make configure warn when silly users pass apparently wrong arguments to it in --with-openssl-dir.
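
A pre-build check along the lines of the configure warning suggested above, as an added example that is not part of the ticket or of Tor's build system. The names check_openssl_dir, openssl_header_version and MIN_VERSION are hypothetical, the header location DIR/include/openssl/opensslv.h is an assumption, and the directory trees are constructed stand-ins for the ticket's two header sets.

```shell
#!/bin/sh
# Added example: pre-build check for the value passed to --with-openssl-dir.
# Assumption: headers live at DIR/include/openssl/opensslv.h.
MIN_VERSION=0x0090802f   # OPENSSL_VERSION_NUMBER of the 0.9.8b release

# Print the OPENSSL_VERSION_NUMBER found under prefix $1; return 1 if the
# prefix has no opensslv.h (the compiler would then use the system headers).
openssl_header_version() {
    hdr="$1/include/openssl/opensslv.h"
    [ -f "$hdr" ] || return 1
    sed -n 's/^#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_VERSION_NUMBER[[:space:]]\{1,\}\(0x[0-9A-Fa-f]\{1,\}\).*/\1/p' "$hdr" | head -n 1
}

# Classify a prefix: "ok", "too-old" (older than 0.9.8b) or "no-headers".
check_openssl_dir() {
    ver=$(openssl_header_version "$1") || { echo no-headers; return 0; }
    [ -n "$ver" ] || { echo no-headers; return 0; }
    if [ $(($ver)) -ge $(($MIN_VERSION)) ]; then echo ok; else echo too-old; fi
}

# Constructed sample trees: a 0.9.8g install prefix, its lib/ subdirectory
# (the wrong argument from the ticket), and a 0.9.8a system header set.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/local-ssl/include/openssl" "$tmp/local-ssl/lib" \
             "$tmp/system/include/openssl"
    printf '#define OPENSSL_VERSION_NUMBER\t0x0090807fL\n' \
        > "$tmp/local-ssl/include/openssl/opensslv.h"
    printf '#define OPENSSL_VERSION_NUMBER\t0x0090801fL\n' \
        > "$tmp/system/include/openssl/opensslv.h"
    for d in "$tmp/local-ssl" "$tmp/local-ssl/lib" "$tmp/system"; do
        echo "${d#"$tmp"/}: $(check_openssl_dir "$d")"
    done
    rm -rf "$tmp"
}
demo
```

A "no-headers" result for the directory given to --with-openssl-dir is the case from this ticket: the build silently falls back to whatever opensslv.h the default include path provides.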

comment:2 Changed 12 years ago by nickm

Looks like a fix to me. Applying.

comment:3 Changed 12 years ago by nickm

flyspray2trac: bug closed.

comment:4 Changed 7 years ago by nickm

Component: Tor Relay → Tor