security/tor and WITH_OPENSSL_PORT=yes

b. f. bf1783 at googlemail.com
Tue Jun 8 17:50:19 UTC 2010


On 6/8/10, b. f. <bf1783 at googlemail.com> wrote:
> On 6/8/10, Scott Bennett <bennett at cs.niu.edu> wrote:
>>      On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." <bf1783 at googlemail.com>
>> wrote:

>>      Before anyone decides to "fix" this, they should keep in mind that
>> the port needs not only to build correctly, but to *run* correctly.  tor
>> built with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely
>> does not work in relay mode.  Clients and other relays attempt to connect
>> to it, but no data packets ever get through, and the connections are soon
>> closed.  Because of this, tor's self-reachability testing fails, so it
>> never publishes a descriptor.  After the update from openssl 0.9.8n, a
>> version that had worked just fine, came through, I had to install
>> portdowngrade and use it to get back from openssl 1.0.0 to openssl 0.9.8n
>> in order to get tor to work properly again.

I should also point out, in Martin's defense, that the change to use
the openssl port with tor came about well _before_ the update of the
openssl port to 1.0.x, and was needed to fix the use of tor with
earlier versions of openssl.  When Dirk updated openssl to 1.0.x, he
could of course only verify that the update didn't break the build for
the many dependent ports, and test the run-time behavior of only a
few.

b.


More information about the freebsd-ports mailing list