security/tor and WITH_OPENSSL_PORT=yes

Scott Bennett bennett at
Tue Jun 8 17:11:37 UTC 2010

     On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." <bf1783 at>
>>Why we need uncoditional WITH_OPENSSL_PORT=yes in security/tor?
>>It builds fine on 8-stable with base system openssl.
>>Moreover this setting isn't needed on -CURRENT because openssl 1.0 is in
>>base system. May be it should be removed from port's Makefile?
>You are right that it no longer should be unconditional, but not that
>it should be removed altogether.  Remember, although you may be
>running a recent version of 8-stable, with openssl 0.9.8n, others may
>still be using older, but still supported, versions of the FreeBSD,
>with older base system openssl.
>And, as far as I know, openssl 1.0 is _not_ in the base system, even
>in -CURRENT.  We are still at 0.9.8n.
>Anyway, I think Martin planned to fix this, now that __FreeBSD_version
>has been bumped after some recent changes.
     Before anyone decides to "fix" this, they should keep in mind that
the port needs not only to build correctly, but to *run* correctly.  tor
built with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely
does not work in relay mode.  Clients and other relays attempt to connect
to it, but no data packets ever get through, and the connections are soon
closed.  Because of this, tor's self-reachability testing fails, so it
never publishes a descriptor.  After the update from openssl 0.9.8n, a
version that had worked just fine, came through, I had to install
portdowngrade and use it to get back from openssl 1.0.0 to openssl 0.9.8n
in order to get tor to work properly again.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *

More information about the freebsd-ports mailing list