Date: Tue, 8 Jun 2010 17:31:53 +0000
From: "b. f." <bf1783@googlemail.com>
To: Scott Bennett <bennett@cs.niu.edu>
Cc: freebsd-ports@freebsd.org, Ruslan Mahmatkhanov <cvs-src@yandex.ru>
Subject: Re: security/tor and WITH_OPENSSL_PORT=yes
Message-ID: <AANLkTilSYTildouGCXUgjGDtSH4XuyTnBaR6UjBFpX3L@mail.gmail.com>
In-Reply-To: <201006081710.o58HAt4M006906@mp.cs.niu.edu>
References: <201006081710.o58HAt4M006906@mp.cs.niu.edu>

On 6/8/10, Scott Bennett <bennett@cs.niu.edu> wrote:
> On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." <bf1783@googlemail.com>
> wrote:
>>>Why we need unconditional WITH_OPENSSL_PORT=yes in security/tor?
>>>It builds fine on 8-stable with base system openssl.
>>>
>>>Moreover this setting isn't needed on -CURRENT because openssl 1.0 is in
>>>base system. Maybe it should be removed from port's Makefile?
>>
>>You are right that it no longer should be unconditional, but not that
>>it should be removed altogether. Remember, although you may be
>>running a recent version of 8-stable, with openssl 0.9.8n, others may
>>still be using older, but still supported, versions of FreeBSD,
>>with older base system openssl.
>>
>>And, as far as I know, openssl 1.0 is _not_ in the base system, even
>>in -CURRENT. We are still at 0.9.8n.
>>
>>Anyway, I think Martin planned to fix this, now that __FreeBSD_version
>>has been bumped after some recent changes.
>>
> Before anyone decides to "fix" this, they should keep in mind that
> the port needs not only to build correctly, but to *run* correctly. tor
> built with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely
> does not work in relay mode. Clients and other relays attempt to connect
> to it, but no data packets ever get through, and the connections are soon
> closed. Because of this, tor's self-reachability testing fails, so it
> never publishes a descriptor. After the update from openssl 0.9.8n, a
> version that had worked just fine, came through, I had to install
> portdowngrade and use it to get back from openssl 1.0.0 to openssl 0.9.8n
> in order to get tor to work properly again.
>

Then a change to allow the use of base system openssl on some versions of the OS should make your life a little bit easier. Information about run-time failures is just the kind of feedback that you should be providing to Martin, because I don't think his testing includes the full range of conditions under which tor is used.
Speaking for myself, when I submit an update, I am content if tor builds and installs cleanly, passes the bundled regression tests (with one known exception), and works as a client. We need more information from people like you to fix problems.

b.