Re: Still problems with TLS negotiation

2010-01-02 Thread Scott Bennett
 On Sat, 2 Jan 2010 16:02:23 -0500 grarpamp wrote:
>FreeBSD RELENG_8 20091229T1432 works fine from current sources:
>
>openssl version -v -p
> OpenSSL 0.9.8k 25 Mar 2009

 However, if one installs openssl from the ports tree, it will be
version 0.9.8l instead.

> platform: FreeBSD-i386
>mkdir tor ; cd tor
>tar -xf /.../openssl-0.9.8l.tar.gz
>tar -xf /.../libevent-1.4.13-stable.tar.gz
>tar -xf /.../tor-0.2.1.21.tar.gz
>c () { /usr/bin/env - PATH=/usr/bin:/bin:/usr/sbin:/sbin /bin/sh -c "$1" ; }
>cd openssl-0.9.8l
> c './config --prefix=$(realpath ..) no-sse2 shared enable-camellia'
> c 'make depend ; make ; make install_docs install_sw'
> cd ..
>cd libevent-1.4.13-stable
> c './configure --prefix=$(realpath ..) ; make ; make install'
> cd ..
>cd tor-0.2.1.21
> c 'CPPFLAGS=-static LDFLAGS=-static ./configure --prefix=$(realpath ..) --with-openssl-dir=$(realpath ..) --with-libevent-dir=$(realpath ..)'
> c 'make ; make install'
> cd ..
>./bin/tor 

 It is not necessary to link with static libraries.  Here is an excerpt
from something I posted to freebsd-questions a while back in response to
a query from a lady having the same kind of problem with mutt.

+Subject:  Re:  Mutt and openssl from port
+
+ On Sat, 12 Dec 2009 21:46:27 +0200 l...@lena.kiev.ua wrote:
+>7.1-PRERELEASE. I'd like Mutt to use zlib compression when connecting to pop3s.
+>openssl in base doesn't support zlib. I installed openssl port from package
+>(in the port zlib is on by default), wrote in make.conf:
+>
+>WITH_OPENSSL_PORT=yes
+>
+>and `portupgrade -f mutt`. However, Mutt still uses openssl from base:
+>
+>~ $ ldd /usr/local/bin/mutt
+>/usr/local/bin/mutt:
+>libncursesw.so.7 => /lib/libncursesw.so.7 (0x28103000)
+>libssl.so.5 => /usr/lib/libssl.so.5 (0x2814f000)
+>libcrypto.so.5 => /lib/libcrypto.so.5 (0x2819)
+>libintl.so.8 => /usr/local/lib/libintl.so.8 (0x282ea000)
+>libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x282f3000)
+>libc.so.7 => /lib/libc.so.7 (0x283ea000)
+>
+ Right.  We tor users just went through that, too.  The problem is that
+what WITH_OPENSSL_PORT=YES does is to add -L/usr/local/lib to the cc or gcc
+command that does the link edit step.  However, that adds the desired
+directory to the *end* of the list of directories to be searched, when what
+you want is to put it at the beginning of the list.  What I ended up doing
+was to add LDFLAGS="-rpath=/usr/local/lib" to the ./configure step for tor,
+so you may want to take a look at the "make config" target to see how best
+to do that for mutt.  Be careful that the use of -rpath won't cause it to
+include libraries from /usr/local/lib instead of from the base system for
+other stuff where you might not want that to happen.

>...
>Jan 02 xx:xx:xx.xxx [notice] Bootstrapped 100%: Done.
>
>Tor should be made to emit both the libevent and openssl version
>strings upon startup.

 Yes, that would also be nice to have.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
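
[Added example, not part of the archived messages.] The check the message above relies on is reading `ldd` output to see whether a binary resolved libssl/libcrypto from the base system (`/usr/lib`, `/lib`) or from the ports tree (`/usr/local/lib`). The sketch below automates that reading; the function name `openssl_origin` and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Classify where a dynamically linked binary resolves libssl/libcrypto from,
# reading `ldd` output on stdin.
# Prints one line per library: "<soname> <path> <base|ports|other>".
# Exit status: 0 = every OpenSSL library comes from /usr/local/lib
#              1 = at least one comes from somewhere else (e.g. base system)
#              2 = no OpenSSL library listed (e.g. a statically linked binary)
openssl_origin() {
    awk '
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            path = $3
            if (path ~ /^\/usr\/local\/lib\//)   origin = "ports"
            else if (path ~ /^(\/usr)?\/lib\//)  origin = "base"
            else                                 origin = "other"
            print $1, path, origin
            seen = 1
            if (origin != "ports") bad = 1
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample, modelled on the ldd output quoted in the message above
# (addresses and the ports soname version are made up).
SAMPLE_BASE='/usr/local/bin/mutt:
    libncursesw.so.7 => /lib/libncursesw.so.7 (0x28103000)
    libssl.so.5 => /usr/lib/libssl.so.5 (0x2814f000)
    libcrypto.so.5 => /lib/libcrypto.so.5 (0x28190000)
    libc.so.7 => /lib/libc.so.7 (0x283ea000)'

# Constructed sample of a mixed link: libssl from ports, libcrypto from base.
# A partial fix like this still reports failure.
SAMPLE_MIXED='/usr/local/bin/tor:
    libssl.so.6 => /usr/local/lib/libssl.so.6 (0x28100000)
    libcrypto.so.5 => /lib/libcrypto.so.5 (0x28190000)
    libc.so.7 => /lib/libc.so.7 (0x283ea000)'

# Demo on the first sample; on a real host use: ldd /usr/local/bin/tor | openssl_origin
printf '%s\n' "$SAMPLE_BASE" | openssl_origin \
    || echo "OpenSSL is not (entirely) resolved from /usr/local/lib"
```

Exit status 2 is the expected result for the statically linked build shown in the quoted recipe, since `ldd` lists no shared libraries for it.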


Hidden Services

2010-01-02 Thread Programmer In Training
I'm trying to set up a hidden service (website) and for some reason, FF
won't resolve the url (zygwjgs2sp7wcmws.onion).

My FF settings are as follows:

HTTP Proxy: 127.0.0.1:8118
SOCKS5 Proxy: 127.0.0.1:9050

network.disable.dnsPrefetch set to true
network.proxy.socks_remote_dns set to true

I'm having the same problem with Apple Safari (which on Windows is
apparently just IE in a new skin) with the same proxy settings.

Windows XP Home SP1

Do I need a web server already running for this to work (if so, I'm
feeling very dense right now)? If so, I can easily set up Apache to deal
out to 127.0.0.1:80.
-- 
PIT





Re: Still problems with TLS negotiation

2010-01-02 Thread grarpamp
FreeBSD RELENG_8 20091229T1432 works fine from current sources:

openssl version -v -p
 OpenSSL 0.9.8k 25 Mar 2009
 platform: FreeBSD-i386
mkdir tor ; cd tor
tar -xf /.../openssl-0.9.8l.tar.gz
tar -xf /.../libevent-1.4.13-stable.tar.gz
tar -xf /.../tor-0.2.1.21.tar.gz
c () { /usr/bin/env - PATH=/usr/bin:/bin:/usr/sbin:/sbin /bin/sh -c "$1" ; }
cd openssl-0.9.8l
 c './config --prefix=$(realpath ..) no-sse2 shared enable-camellia'
 c 'make depend ; make ; make install_docs install_sw'
 cd ..
cd libevent-1.4.13-stable
 c './configure --prefix=$(realpath ..) ; make ; make install'
 cd ..
cd tor-0.2.1.21
 c 'CPPFLAGS=-static LDFLAGS=-static ./configure --prefix=$(realpath ..) --with-openssl-dir=$(realpath ..) --with-libevent-dir=$(realpath ..)'
 c 'make ; make install'
 cd ..
./bin/tor 
...
Jan 02 xx:xx:xx.xxx [notice] Bootstrapped 100%: Done.

Tor should be made to emit both the libevent and openssl version
strings upon startup.


Re: Still problems with TLS negotiation

2010-01-02 Thread Hans Schnehl
On Sat, Jan 02, 2010 at 07:53:03PM +0100, Hans de Hartog wrote:
> Hi,
> 
> I upgraded all my servers from FreeBSD 7.2-RELEASE-p4 to 8.0-RELEASE
> and tor stopped working because of the TLS renegotiation problem.
> So I upgraded to tor 0.2.1.21 (promised to solve that problem) but the
> problem is still there. Going back to FreeBSD 7.2 is no option so I tried
> tor 0.2.2.6-alpha.


You need to compile the mentioned versions of Tor against openssl-0.9.8.l,
which is the one in the FreeBSD ports tree. Neither 7-stable nor 8-stable
ships with openssl-0.9.8.l, but the versions of Tor you are trying to run
need that version of openssl.


> Still no go. However, the error message (TLS error: unexpected close while
> renegotiating) is now suffixed with (SSL_ST_OK) but tor isn't doing any
> useful work.
> If it helps: openssl version: 0.9.8k 25 Mar 2009 (I can not change that,
> it's part of the base system).

You do not need to change that, just install the ports version in
addition.


> So, this was the end of a faithful tor-supporting system, running for
> months as an exit-router... :-(

No, it is not! Keep going, please :) There is a thread under Tor-relays
dealing exactly with this issue. If you want to skip the 'introduction'
you may want to see:
http://archives.seul.org/tor/relays/Dec-2009/msg00013.html

which handles how to compile Tor against openssl-0.9.8.l by using the ports
system's built-in routines.

If you wish not to use this routine just scroll down and you will find a
description of how to do without.


> 
> Regards,
> Hans.

ditto


Still problems with TLS negotiation

2010-01-02 Thread Hans de Hartog

Hi,

I upgraded all my servers from FreeBSD 7.2-RELEASE-p4 to 8.0-RELEASE
and tor stopped working because of the TLS renegotiation problem.
So I upgraded to tor 0.2.1.21 (promised to solve that problem) but the
problem is still there. Going back to FreeBSD 7.2 is no option so I tried
tor 0.2.2.6-alpha.
Still no go. However, the error message (TLS error: unexpected close while
renegotiating) is now suffixed with (SSL_ST_OK) but tor isn't doing any
useful work.
If it helps: openssl version: 0.9.8k 25 Mar 2009 (I can not change that,
it's part of the base system).
So, this was the end of a faithful tor-supporting system, running for
months as an exit-router... :-(

Regards,
Hans.



Re: can i ask questions about privoxy here...?

2010-01-02 Thread krishna e bera
On Sat, Jan 02, 2010 at 04:29:19PM +0100, Gitano wrote:
> emigrant wrote:
> 
> > is that possible?
> 
> Which question(s) beside 'http://www.privoxy.org/faq/index.html'?

see also 
http://www.torproject.org/docs/tor-doc-unix.html.en#polipo
there is a sample Privoxy config for use with Tor


Re: can i ask questions about privoxy here...?

2010-01-02 Thread Gitano
emigrant wrote:

> is that possible?

Which question(s) beside 'http://www.privoxy.org/faq/index.html'?



can i ask questions about privoxy here...?

2010-01-02 Thread emigrant
is that possible?



Re: tor-proxy.net

2010-01-02 Thread bao song
For myself, the problem with tor-proxy.net is that it is blocked by the 
national filter here.

So far, they haven't blocked https ports, so I can still use Tor.

Michael Wolfe



  