Hi there,
My goal is to run Tor on small cluster of embedded mips devices. Because the platform runs on an older version of OpenSSL and libevent I have chosen to statically link them with Tor.
So I went ahead to compile the components. I'm aiming at the beta version: 0.2.3.17
OpenSSL 1.0.1c has been build with: ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
libevent-2.0.19-stable has been built with: ./configure --enable-openssl --disable-debug-mode --with-pic
And of course Tor:
./configure --prefix=/usr --libdir=/usr/lib --localstatedir=/var --sysconfdir=/etc \ --with-zlib-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \ --with-openssl-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \ --with-libevent-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \ --disable-asciidoc --enable-static-openssl --enable-static-libevent \ --host=mipsel-linux --with-libnatpmp-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \ --with-libminiupnpc-dir=/home/mastag/build-mipsel/tmp/staging/mipsel-linux/lib \ --enable-upnp --enable-nat-pmp --enable-bufferevents \ CPPFLAGS="-I/home/mastag/openpli/build-dm800/tmp/staging/mipsel-linux/include"
This produces the src/or/Tor binary which runs great on the cluster. Only it's giving me the following messages:
Jun 21 23:02:12.000 [notice] Tor 0.2.3.17-beta opening new log file. Jun 21 23:02:12.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't. Jun 21 23:02:13.000 [notice] No AES engine found; using AES_* functions. Jun 21 23:02:13.000 [notice] This OpenSSL has a good implementation of counter mode; using it. Jun 21 23:02:15.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation Jun 21 23:02:37.000 [notice] Reloaded microdescriptor cache. Found 4807 descriptors. Jun 21 23:02:42.000 [notice] We now have enough directory information to build circuits. Jun 21 23:02:42.000 [notice] Bootstrapped 80%: Connecting to the Tor network. Jun 21 23:02:43.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1 circuits open. I've sent 0 kB and received 0 kB. Jun 21 23:02:43.000 [notice] Bootstrapped 85%: Finishing handshake with first hop. Jun 21 23:02:43.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---) Jun 21 23:02:43.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---) Jun 21 23:02:47.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Jun 21 23:02:53.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Jun 21 23:02:53.000 [notice] Bootstrapped 100%: Done.
The warning about the AES engine is probably because OpenSSL has no engine for mips. However the following two lines bother me:
[warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---) [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)
Any way to get rid of these? I did compile OpenSSL with "enable-tlsext" so I don't understand why it warns me about it.
Thanks in advance!
On Thu, Jun 21, 2012 at 5:05 PM, Gino Badouri g.badouri@gmail.com wrote:
Hi there,
My goal is to run Tor on small cluster of embedded mips devices. Because the platform runs on an older version of OpenSSL and libevent I have chosen to statically link them with Tor.
So I went ahead to compile the components. I'm aiming at the beta version: 0.2.3.17
OpenSSL 1.0.1c has been build with: ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
libevent-2.0.19-stable has been built with: ./configure --enable-openssl --disable-debug-mode --with-pic
Hm. Just to rule something out that got added in 0.2.3.17-beta: could you try configuring Tor with --disable-compiler-hardening and --disable-linker-hardening, and see if that makes a difference?
Hi Nick,
Thanks for your response. I've recompiled Tor with --disable-linker-hardening and --disable-gcc-hardening but I still get the warning regarding tls support.
Jun 22 18:00:04.000 [notice] Tor 0.2.3.17-beta opening new log file. Jun 22 18:00:04.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't. Jun 22 18:00:05.000 [notice] No AES engine found; using AES_* functions. Jun 22 18:00:05.000 [notice] This OpenSSL has a good implementation of counter mode; using it. Jun 22 18:00:06.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation Jun 22 18:00:12.000 [notice] Reloaded microdescriptor cache. Found 0 descriptors. Jun 22 18:00:12.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. Jun 22 18:00:13.000 [notice] Bootstrapped 5%: Connecting to directory server. Jun 22 18:00:13.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1 circuits open. I've sent 0 kB and received 0 kB. Jun 22 18:00:13.000 [notice] Bootstrapped 10%: Finishing handshake with directory server. Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---) Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---) Jun 22 18:00:14.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection. Jun 22 18:00:14.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus. Jun 22 18:00:14.000 [notice] Bootstrapped 25%: Loading networkstatus consensus. Jun 22 18:00:17.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. Jun 22 18:00:18.000 [notice] Bootstrapped 40%: Loading authority key certs. Jun 22 18:00:21.000 [notice] Bootstrapped 45%: Asking for relay descriptors. Jun 22 18:00:21.000 [notice] I learned some more directory information, but not enough to build a circuit: We have only 0/2920 usable microdescriptors. Jun 22 18:00:42.000 [notice] We now have enough directory information to build circuits. Jun 22 18:00:42.000 [notice] Bootstrapped 80%: Connecting to the Tor network. Jun 22 18:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Jun 22 18:00:47.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Jun 22 18:00:47.000 [notice] Bootstrapped 100%: Done.
It could be that Debian FIPS' version of OpenSSL 1.0.1c is causing this problem. But it was only "mipsel" patch for OpenSSL 1.0.1c I could find.
I'll try the stable build of Tor and report back.
2012/6/21 Nick Mathewson nickm@alum.mit.edu
On Thu, Jun 21, 2012 at 5:05 PM, Gino Badouri g.badouri@gmail.com wrote:
Hi there,
My goal is to run Tor on small cluster of embedded mips devices. Because the platform runs on an older version of OpenSSL and libevent I
have
chosen to statically link them with Tor.
So I went ahead to compile the components. I'm aiming at the beta version: 0.2.3.17
OpenSSL 1.0.1c has been build with: ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
libevent-2.0.19-stable has been built with: ./configure --enable-openssl --disable-debug-mode --with-pic
Hm. Just to rule something out that got added in 0.2.3.17-beta: could you try configuring Tor with --disable-compiler-hardening and --disable-linker-hardening, and see if that makes a difference? _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Strange it happens all the time with OpenSSL 1.0.1c Even with the non-debian version. I tried the vanilla OpenSSL with only the patch for "linux-mipsel" in Configure.
When it performs it's handshake it will still spawn the message: Jun 25 20:57:31.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---) Jun 25 20:57:31.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---)
However Tor continues to work fine. I think the warning can be ignored because Tor has been compiled with "--enable-static-openssl" Also OpenSSL has been compiled with "enable-tlsext" and I've checked my static libssl.a with mipsel-linux-objdump and the tls symbols are there.
So I guess Tor looks for the shared tls extension first (which doesn't exist) and then continues with its statically linked tls-enabled-openssl instead.
Would Tor fail to connect without tls?
2012/6/22 Gino Badouri g.badouri@gmail.com
Hi Nick,
Thanks for your response. I've recompiled Tor with --disable-linker-hardening and --disable-gcc-hardening but I still get the warning regarding tls support.
Jun 22 18:00:04.000 [notice] Tor 0.2.3.17-beta opening new log file. Jun 22 18:00:04.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't. Jun 22 18:00:05.000 [notice] No AES engine found; using AES_* functions. Jun 22 18:00:05.000 [notice] This OpenSSL has a good implementation of counter mode; using it. Jun 22 18:00:06.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation Jun 22 18:00:12.000 [notice] Reloaded microdescriptor cache. Found 0 descriptors. Jun 22 18:00:12.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. Jun 22 18:00:13.000 [notice] Bootstrapped 5%: Connecting to directory server. Jun 22 18:00:13.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1 circuits open. I've sent 0 kB and received 0 kB. Jun 22 18:00:13.000 [notice] Bootstrapped 10%: Finishing handshake with directory server. Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DLFCN_LOAD:---) Jun 22 18:00:13.000 [warn] TLS error while creating tor_tls_t object: could not load the shared library (in DSO support routines:DSO_load:---) Jun 22 18:00:14.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection. Jun 22 18:00:14.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus. Jun 22 18:00:14.000 [notice] Bootstrapped 25%: Loading networkstatus consensus. Jun 22 18:00:17.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. Jun 22 18:00:18.000 [notice] Bootstrapped 40%: Loading authority key certs. Jun 22 18:00:21.000 [notice] Bootstrapped 45%: Asking for relay descriptors. Jun 22 18:00:21.000 [notice] I learned some more directory information, but not enough to build a circuit: We have only 0/2920 usable microdescriptors. Jun 22 18:00:42.000 [notice] We now have enough directory information to build circuits. Jun 22 18:00:42.000 [notice] Bootstrapped 80%: Connecting to the Tor network. Jun 22 18:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Jun 22 18:00:47.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Jun 22 18:00:47.000 [notice] Bootstrapped 100%: Done.
It could be that Debian FIPS' version of OpenSSL 1.0.1c is causing this problem. But it was only "mipsel" patch for OpenSSL 1.0.1c I could find.
I'll try the stable build of Tor and report back.
2012/6/21 Nick Mathewson nickm@alum.mit.edu
On Thu, Jun 21, 2012 at 5:05 PM, Gino Badouri g.badouri@gmail.com wrote:
Hi there,
My goal is to run Tor on small cluster of embedded mips devices. Because the platform runs on an older version of OpenSSL and libevent I
have
chosen to statically link them with Tor.
So I went ahead to compile the components. I'm aiming at the beta version: 0.2.3.17
OpenSSL 1.0.1c has been build with: ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
libevent-2.0.19-stable has been built with: ./configure --enable-openssl --disable-debug-mode --with-pic
Hm. Just to rule something out that got added in 0.2.3.17-beta: could you try configuring Tor with --disable-compiler-hardening and --disable-linker-hardening, and see if that makes a difference? _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
OpenSSL 1.0.1c has been build with: ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
I've never been able to compile openssl statically such that I could use the resultant binary, dynlib and statlib it everywhere needed. Nor does zlib play right in that. More on the ssl mail list.
could not load the shared library (in DSO support routines
I remember something like that before. Redo your openssl without 'zlib-dynamic'. Redo libevent against that. Then do Tor as static. I think that should make it go away.
Be sure libevent/tor ./configure's are pointed against ssl you compiled, and not default system libs.
I also think 'enable-tlsext' is redundant in that ./config probably includes it automatically now, as with no-ssl2. See: openssl ciphers -v.
It works! Thanks grarpamp!
Using zlib instead of zlib-dynamic fixed it like you said I had to alter the Makefile and tell the linker where to find my mipsel libz.so and libz.a and zlib includes Also libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib too.
I'm only encountering timeouts after the circuit has been established: Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:53. Giving up. (waiting for circuit)
This is using Tor-2.3.17-beta using static OpenSSL 1.0.1c (no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2) and libevent-2.0.19-stable (bufferevents enabled) Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support.
I think the Tor binary is too big 5.3MB which is due to libcrypto.a being 4.4MB (stripped).
Would you happen to know which ciphers I can drop from OpenSSL? (so I can shrink it a bit).
2012/6/25 grarpamp grarpamp@gmail.com
OpenSSL 1.0.1c has been build with: ./Configure debian-mipsel shared enable-tlsext zlib-dynamic no-ssl2
I've never been able to compile openssl statically such that I could use the resultant binary, dynlib and statlib it everywhere needed. Nor does zlib play right in that. More on the ssl mail list.
could not load the shared library (in DSO support routines
I remember something like that before. Redo your openssl without 'zlib-dynamic'. Redo libevent against that. Then do Tor as static. I think that should make it go away.
Be sure libevent/tor ./configure's are pointed against ssl you compiled, and not default system libs.
I also think 'enable-tlsext' is redundant in that ./config probably includes it automatically now, as with no-ssl2. See: openssl ciphers -v. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
I had to alter the Makefile and tell the linker where to find ... libz.so and libz.a and zlib includes
If you got a static 'openssl' binary with zlib in it, and both .a and .so's for the openssl libs, and libevent and tor compiled against that, I'd like to see the openssl diff. I gave up early.
Also libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib
Yeah, and and for against openssl and libevent too. I left that out.
I'm only encountering timeouts after the circuit has been established: Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:53. Giving up. (waiting for circuit)
Don't know., sounds normal, send a signal newnym.
static OpenSSL 1.0.1c (... zlib ...)
I think 'zlib' works the same as not specifying any zlib* phrase. And that not specifying 'shared' gets you only static libs and a dynamic bin, 'shared' adds dyn libs.
libevent-2.0.19-stable (bufferevents enabled) Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support. I think the Tor binary is too big 5.3MB which is due to libcrypto.a being 4.4MB (stripped).
Tor here is 3487400 bytes, stripped.
Would you happen to know which ciphers I can drop from OpenSSL? (so I can shrink it a bit).
It's in the torspec docs somewhere. Probably just rsa, dh, aes and x509, basics. Or try debug in openssl.conf.
Thanks for the heads up. I got it working on my mipsel box.
First of all I switched to 2.3.18-rc git.
I build the latest zlib 1.2.7 with -fPIC and -DPIC (seems to be required for mipsel).
I recompiled and reinstalled OpenSSL 1.0.1 with "shared no-ssl2 enable-tlsext" "shared" also seems to build the static libraries aswell.
Then I reconpiled and libevent 2.0.19-stable. For libevent I also used the --with-pic and pointed the ./configure to my compiled zlib 1.2.7 Also I left out the "--disable-debug-option" this time.
Now for Tor, it seems that this "bufferevents"-options causes problems. I threw away the log but it makes setting up the circuit very slow and after a while I'm getting timeouts and errors about "connections marked for closing?" If you want I can rebuild it with bufferevents and send you a detailed log about it.
Anywyas I build it using these options:
./configure --host=mipsel-oe-linux --prefix=/usr --localstatedir=/var --sysconfdir=/etc \ --with-openssl-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib \ --with-zlib-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib \ --with-libevent-dir=/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib \ --enable-static-libevent --disable-asciidoc --enable-static-zlib --enable-static-openssl \ CPPFLAGS="-I/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/include" \ LDFLAGS="-L/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib" LIBS="-lz"
The resulting binary is still 5Megs after I manually stripped it, but it seems to work :)
I still can't configure with --enable-static-tor though. The OpenSSL test will fail with:
configure:6940: mipsel-oe-linux-gcc -o conftest -static -I/usr/local/include -I/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/include -I${top_srcdir}/src/common -L/usr/local/lib -L/home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib conftest.c -lpthread -lrt -ldl -lz -lssl -lcrypto >&5 conftest.c: In function 'main': conftest.c:61: warning: incompatible implicit declaration of built-in function 'exit' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load': dso_dlfcn.c:(.text+0x110): undefined reference to `dlopen' dso_dlfcn.c:(.text+0x178): undefined reference to `dlerror' dso_dlfcn.c:(.text+0x2a8): undefined reference to `dlclose' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload': dso_dlfcn.c:(.text+0x44c): undefined reference to `dlclose' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var': dso_dlfcn.c:(.text+0x64c): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x6b4): undefined reference to `dlerror' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func': dso_dlfcn.c:(.text+0x900): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x968): undefined reference to `dlerror' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_pathbyaddr': dso_dlfcn.c:(.text+0x10dc): undefined reference to `dladdr' dso_dlfcn.c:(.text+0x11cc): undefined reference to `dlerror' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup': dso_dlfcn.c:(.text+0x125c): undefined reference to `dlopen' dso_dlfcn.c:(.text+0x1290): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x12b0): undefined reference to `dlclose' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_init': c_zlib.c:(.text+0x214): undefined reference to `inflateInit_' c_zlib.c:(.text+0x2c8): undefined reference to `deflateInit_' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_finish': c_zlib.c:(.text+0x43c): undefined reference to `inflateEnd' c_zlib.c:(.text+0x464): undefined reference to `deflateEnd' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_compress_block': c_zlib.c:(.text+0x5d0): undefined reference to `deflate' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `zlib_stateful_expand_block': c_zlib.c:(.text+0x724): undefined reference to `inflate' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_free': c_zlib.c:(.text+0xb7c): undefined reference to `inflateEnd' c_zlib.c:(.text+0xbe8): undefined reference to `deflateEnd' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_read': c_zlib.c:(.text+0xdf8): undefined reference to `inflateInit_' c_zlib.c:(.text+0xe64): undefined reference to `inflate' c_zlib.c:(.text+0xedc): undefined reference to `zError' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_write': c_zlib.c:(.text+0x1274): undefined reference to `deflateInit_' c_zlib.c:(.text+0x149c): undefined reference to `deflate' c_zlib.c:(.text+0x1504): undefined reference to `zError' /home/mastag/src/openpli/build-dm800/tmp/sysroots/mipsel-oe-linux/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_flush': c_zlib.c:(.text+0x17e8): undefined reference to `deflate' c_zlib.c:(.text+0x1874): undefined reference to `zError' collect2: ld returned 1 exit status
The dso_dlfcn.c errors can be solved by compiling OpenSSL with "no-dso". However I can't figure out why the static OpenSSL has trouble finding zlib? I don't think it's a problem because my semi-static binary works well enough now :)
2012/6/27 grarpamp grarpamp@gmail.com
I had to alter the Makefile and tell the linker where to find ... libz.so and libz.a and zlib
includes
If you got a static 'openssl' binary with zlib in it, and both .a and .so's for the openssl libs, and libevent and tor compiled against that, I'd like to see the openssl diff. I gave up early.
Also libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib
Yeah, and and for against openssl and libevent too. I left that out.
I'm only encountering timeouts after the circuit has been established: Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:53. Giving up. (waiting for circuit)
Don't know., sounds normal, send a signal newnym.
static OpenSSL 1.0.1c (... zlib ...)
I think 'zlib' works the same as not specifying any zlib* phrase. And that not specifying 'shared' gets you only static libs and a dynamic bin, 'shared' adds dyn libs.
libevent-2.0.19-stable (bufferevents enabled) Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support. I think the Tor binary is too big 5.3MB which is due to libcrypto.a being 4.4MB (stripped).
Tor here is 3487400 bytes, stripped.
Would you happen to know which ciphers I can drop from OpenSSL? (so I can shrink it a bit).
It's in the torspec docs somewhere. Probably just rsa, dh, aes and x509, basics. Or try debug in openssl.conf. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-
Gino Badouri -
grarpamp -
Nick Mathewson