Opened 13 years ago

Last modified 8 years ago

#616 closed defect (Fixed)

does not compile on Dapper amd64

Reported by: karsten
Owned by: nickm
Priority: Low
Milestone:
Component: Core Tor/Tor
Version:
Severity:
Keywords:
Cc: karsten, nickm
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


Compiling (r13786) exits with the following error:

tortls.c: In function ‘tor_tls_new’:
tortls.c:738: error: ‘TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA’ undeclared (first use in this function)

This happens only on Dapper amd64, while compiling on Dapper x86 and Gutsy x86 works fine.

On both machines, openssl version and ciphers are as follows:

/usr/local/ssl/bin/openssl version
OpenSSL 0.9.8g 19 Oct 2007

/usr/local/ssl/bin/openssl ciphers (manually inserted line breaks)

The libevent version is in both cases 1.3e.

Configuration is done with:

./configure --with-libevent-dir=/usr/local/lib/ --with-openssl-dir=/usr/local/ssl/lib/

After commenting out the following ciphers from CLIENT_CIPHER_LIST in tortls.c, compilation works again:


[Automatically added by flyspray2trac: Operating System: Other Linux]

Change History (4)

comment:1 Changed 13 years ago by karsten

Bug solved by lodger: The problem was that when configuring Tor with "./configure --with-openssl-dir=/usr/local/ssl/lib/", the system-provided OpenSSL headers (0.9.8a) were used instead of the headers in /usr/local/ssl/ (0.9.8g). Changing the configure line to "./configure --with-openssl-dir=/usr/local/ssl/" makes it work again by using the 0.9.8g headers.

The reason is that the six ciphers mentioned above were introduced in 0.9.8b, and not, as tortls.c assumes, in 0.9.8. A possible fix is to use the long cipher list in tortls.c only with 0.9.8b or later (fix proposed by killerchicken). This is performed in the patch below:

Index: /home/karsten/tor/tor-trunk/src/common/tortls.c
--- /home/karsten/tor/tor-trunk/src/common/tortls.c (revision 13778)
+++ /home/karsten/tor/tor-trunk/src/common/tortls.c (working copy)
@@ -432,7 +432,7 @@

  • SSL3_TXT_RSA_NULL_SHA. If you do this, you won't be able to communicate
  • with any of the "real" Tors, though. */

-#if OPENSSL_VERSION_NUMBER >= 0x00908000l
+#if OPENSSL_VERSION_NUMBER >= 0x00908020l
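Review bot: on the changed #if line, the new threshold 0x00908020l carries no comment tying it to a release, and the lowercase l suffix is easy to misread as the digit 1. Suggest writing it as 0x00908020L with a one-line comment that this is 0.9.8b, which the ticket identifies as the release that introduced the ciphers in question. A version test also only reflects whichever headers the build happened to pick up; guarding on the symbol itself, e.g. #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, would keep the cipher list in step with the headers without encoding a release number.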




End of patch

A more sophisticated patch might be to distinguish whether the OpenSSL version is 0.9.8/0.9.8a or 0.9.8b/higher and provide different cipher lists for the two cases. However, this might make things complicated without having a real gain.

A second patch could be to make configure warn when silly users pass apparently wrong arguments to it in --with-openssl-dir.
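The version arithmetic behind the patch in comment:1, as an added example (not code from Tor or from the ticket): it decodes OPENSSL_VERSION_NUMBER values, shows why 0.9.8a headers pass the old guard but not the new one, and flags the header/library mismatch that caused the build failure. The function names and the two sample constants are constructed for illustration from OpenSSL's 0xMNNFFPPS version layout.

```c
#include <stdio.h>
#include <string.h>

/* OPENSSL_VERSION_NUMBER layout for 0.9.x/1.0.x: 0xMNNFFPPS
 * M major, NN minor, FF fix, PP patch (1 = 'a'), S status (0xf = release). */
#define OLD_GUARD 0x00908000L   /* threshold before the patch: 0.9.8  */
#define NEW_GUARD 0x00908020L   /* threshold after the patch:  0.9.8b */

/* Constructed sample values for the two versions named in the ticket. */
#define HDR_098A 0x0090801fL    /* system headers, 0.9.8a release */
#define LIB_098G 0x0090807fL    /* /usr/local/ssl library, 0.9.8g release */

/* Render a version number as e.g. "0.9.8b"; returns buf. */
static const char *ossl_decode(unsigned long v, char *buf, size_t n)
{
    unsigned major = (v >> 28) & 0xf, minor = (v >> 20) & 0xff;
    unsigned fix = (v >> 12) & 0xff, patch = (v >> 4) & 0xff;

    if (patch == 0)
        snprintf(buf, n, "%u.%u.%u", major, minor, fix);
    else if (patch <= 26)
        snprintf(buf, n, "%u.%u.%u%c", major, minor, fix,
                 (int)('a' + patch - 1));
    else  /* letters past 'z' are not decoded here */
        snprintf(buf, n, "%u.%u.%u+p%u", major, minor, fix, patch);
    return buf;
}

/* Would "#if OPENSSL_VERSION_NUMBER >= guard" compile the long cipher list? */
static int long_list_compiled(unsigned long hdr, unsigned long guard)
{
    return hdr >= guard;
}

/* Headers and library agree when everything but the status nibble matches.
 * In a real build hdr is OPENSSL_VERSION_NUMBER and lib is SSLeay()
 * (OpenSSL_version_num() from OpenSSL 1.1.0 on). */
static int headers_match_library(unsigned long hdr, unsigned long lib)
{
    return (hdr >> 4) == (lib >> 4);
}

int main(void)
{
    char h[32], l[32];
    printf("headers %s, library %s, match=%d\n",
           ossl_decode(HDR_098A, h, sizeof h), ossl_decode(LIB_098G, l, sizeof l),
           headers_match_library(HDR_098A, LIB_098G));
    printf("long list compiled: old guard=%d, new guard=%d\n",
           long_list_compiled(HDR_098A, OLD_GUARD),
           long_list_compiled(HDR_098A, NEW_GUARD));
    return 0;
}
```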

comment:2 Changed 13 years ago by nickm

Looks like a fix to me. Applying.

comment:3 Changed 13 years ago by nickm

flyspray2trac: bug closed.

comment:4 Changed 8 years ago by nickm

Component: Tor Relay → Tor