Date: Tue, 8 Jun 2010 17:50:17 +0000 From: "b. f." <bf1783@googlemail.com> To: Scott Bennett <bennett@cs.niu.edu> Cc: freebsd-ports@freebsd.org, Ruslan Mahmatkhanov <cvs-src@yandex.ru> Subject: Re: security/tor and WITH_OPENSSL_PORT=yes Message-ID: <AANLkTikoeBwcyTrp0VvnLhxoH8jmP2qM51Z-GBGm0DvU@mail.gmail.com> In-Reply-To: <AANLkTilSYTildouGCXUgjGDtSH4XuyTnBaR6UjBFpX3L@mail.gmail.com> References: <201006081710.o58HAt4M006906@mp.cs.niu.edu> <AANLkTilSYTildouGCXUgjGDtSH4XuyTnBaR6UjBFpX3L@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/8/10, b. f. <bf1783@googlemail.com> wrote: > On 6/8/10, Scott Bennett <bennett@cs.niu.edu> wrote: >> On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." <bf1783@googlemail.com> >> wrote: >> Before anyone decides to "fix" this, they should keep in mind that >> the port needs not only to build correctly, but to *run* correctly. tor >> built with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely >> does not work in relay mode. Clients and other relays attempt to connect >> to it, but no data packets ever get through, and the connections are soon >> closed. Because of this, tor's self-reachability testing fails, so it >> never publishes a descriptor. After the update from openssl 0.9.8n, a >> version that had worked just fine, came through, I had to install >> portdowngrade and use it to get back from openssl 1.0.0 to openssl 0.9.8n >> in order to get tor to work properly again. I should also point out, in Martin's defense, that the change to use the openssl port with tor came about well _before_ the update of the openssl port to 1.0.x, and was needed to fix the use of tor with earlier versions of openssl. When Dirk updated openssl to 1.0.x, he could of course only verify that the update didn't break the build for the many dependent ports, and test the run-time behavior of only a few. b.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikoeBwcyTrp0VvnLhxoH8jmP2qM51Z-GBGm0DvU>