security/tor and WITH_OPENSSL_PORT=yes

b. f. bf1783 at
Tue Jun 8 17:31:56 UTC 2010

On 6/8/10, Scott Bennett <bennett at> wrote:
>      On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." <bf1783 at>
> wrote:
>>>Why do we need unconditional WITH_OPENSSL_PORT=yes in security/tor?
>>>It builds fine on 8-stable with base system openssl.
>>>Moreover this setting isn't needed on -CURRENT because openssl 1.0 is in
>>>base system. Maybe it should be removed from port's Makefile?
>>You are right that it no longer should be unconditional, but not that
>>it should be removed altogether.  Remember, although you may be
>>running a recent version of 8-stable, with openssl 0.9.8n, others may
>>still be using older, but still supported, versions of FreeBSD,
>>with older base system openssl.
>>And, as far as I know, openssl 1.0 is _not_ in the base system, even
>>in -CURRENT.  We are still at 0.9.8n.
>>Anyway, I think Martin planned to fix this, now that __FreeBSD_version
>>has been bumped after some recent changes.
>      Before anyone decides to "fix" this, they should keep in mind that
> the port needs not only to build correctly, but to *run* correctly.  tor
> built with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely
> does not work in relay mode.  Clients and other relays attempt to connect
> to it, but no data packets ever get through, and the connections are soon
> closed.  Because of this, tor's self-reachability testing fails, so it
> never publishes a descriptor.  After the update from openssl 0.9.8n, a
> version that had worked just fine, came through, I had to install
> portdowngrade and use it to get back from openssl 1.0.0 to openssl 0.9.8n
> in order to get tor to work properly again.

Then a change to allow the use of base system openssl on some versions
of the OS should make your life a little bit easier.  Information
about run-time failures is just the kind of feedback that you should
be providing to Martin, because I don't think his testing includes the
full range of conditions under which tor is used.  Speaking for
myself, when I submit an update, I am content if tor builds and
installs cleanly, passes the bundled regression tests (with one known
exception), and works as a client.  We need more information from
people like you to fix problems.
