Date: Tue, 8 Jun 2010 12:10:55 -0500 (CDT)
From: Scott Bennett
Message-Id: <201006081710.o58HAt4M006906@mp.cs.niu.edu>
To: "b. f.", Ruslan Mahmatkhanov
Cc: freebsd-ports@freebsd.org
Subject: Re: security/tor and WITH_OPENSSL_PORT=yes
List-Id: Porting software to FreeBSD

On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." wrote:
>>Why do we need unconditional WITH_OPENSSL_PORT=yes in security/tor?
>>It builds fine on 8-stable with base system openssl.
>>
>>Moreover this setting isn't needed on -CURRENT because openssl 1.0 is in
>>base system. Maybe it should be removed from the port's Makefile?
>
>You are right that it no longer should be unconditional, but not that
>it should be removed altogether. Remember, although you may be
>running a recent version of 8-stable, with openssl 0.9.8n, others may
>still be using older, but still supported, versions of FreeBSD,
>with older base system openssl.
>
>And, as far as I know, openssl 1.0 is _not_ in the base system, even
>in -CURRENT. We are still at 0.9.8n.
>
>Anyway, I think Martin planned to fix this, now that __FreeBSD_version
>has been bumped after some recent changes.
>
Before anyone decides to "fix" this, they should keep in mind that the
port needs not only to build correctly, but to *run* correctly. tor built
with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely does not
work in relay mode. Clients and other relays attempt to connect to it, but
no data packets ever get through, and the connections are soon closed.
Because of this, tor's self-reachability testing fails, so it never
publishes a descriptor. After the update from openssl 0.9.8n, a version
that had worked just fine, came through, I had to install portdowngrade
and use it to get back from openssl 1.0.0 to openssl 0.9.8n in order to
get tor to work properly again.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************