Re: Still problems with TLS negotiation
On Sat, 2 Jan 2010 16:02:23 -0500 grarpamp wrote:
>FreeBSD RELENG_8 20091229T1432 works fine from current sources:
>
>openssl version -v -p
> OpenSSL 0.9.8k 25 Mar 2009

However, if one installs openssl from the ports tree, it will be version 0.9.8l instead.

> platform: FreeBSD-i386
>mkdir tor ; cd tor
>tar -xf /.../openssl-0.9.8l.tar.gz
>tar -xf /.../libevent-1.4.13-stable.tar.gz
>tar -xf /.../tor-0.2.1.21.tar.gz
>c () { /usr/bin/env - PATH=/usr/bin:/bin:/usr/sbin:/sbin /bin/sh -c "$1" ; }
>cd openssl-0.9.8l
> c './config --prefix=$(realpath ..) no-sse2 shared enable-camellia'
> c 'make depend ; make ; make install_docs install_sw'
> cd ..
>cd libevent-1.4.13-stable
> c './configure --prefix=$(realpath ..) ; make ; make install'
> cd ..
>cd tor-0.2.1.21
> c 'CPPFLAGS=-static LDFLAGS=-static ./configure --prefix=$(realpath ..) --with-openssl-dir=$(realpath ..) --with-libevent-dir=$(realpath ..)'
> c 'make ; make install'
> cd ..
>./bin/tor

It is not necessary to link with static libraries. Here is an excerpt from something I posted to freebsd-questions a while back in response to a query from a lady having the same kind of problem with mutt.

+Subject: Re: Mutt and openssl from port
+
+ On Sat, 12 Dec 2009 21:46:27 +0200 l...@lena.kiev.ua wrote:
+>7.1-PRERELEASE. I'd like Mutt to use zlib compression when connecting to pop3s.
+>openssl in base doesn't support zlib. I installed openssl port from package
+>(in the port zlib is on by default), wrote in make.conf:
+>
+>WITH_OPENSSL_PORT=yes
+>
+>and `portupgrade -f mutt`. However, Mutt still uses openssl from base:
+>
+>~ $ ldd /usr/local/bin/mutt
+>/usr/local/bin/mutt:
+>libncursesw.so.7 => /lib/libncursesw.so.7 (0x28103000)
+>libssl.so.5 => /usr/lib/libssl.so.5 (0x2814f000)
+>libcrypto.so.5 => /lib/libcrypto.so.5 (0x2819)
+>libintl.so.8 => /usr/local/lib/libintl.so.8 (0x282ea000)
+>libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x282f3000)
+>libc.so.7 => /lib/libc.so.7 (0x283ea000)
+>
+ Right. We tor users just went through that, too. The problem is that
+what WITH_OPENSSL_PORT=YES does is to add -L/usr/local/lib to the cc or gcc
+command that does the link edit step. However, that adds the desired
+directory to the *end* of the list of directories to be searched, when what
+you want is to put it at the beginning of the list. What I ended up doing
+was to add LDFLAGS="-rpath=/usr/local/lib" to the ./configure step for tor,
+so you may want to take a look at the "make config" target to see how best
+to do that for mutt. Be careful that the use of -rpath won't cause it to
+include libraries from /usr/local/lib instead of from the base system for
+other stuff where you might not want that to happen.

>...
>Jan 02 xx:xx:xx.xxx [notice] Bootstrapped 100%: Done.
>
>Tor should be made to emit both the libevent and openssl version
>strings upon startup.

Yes, that would also be nice to have.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
"A well regulated and disciplined militia, is at all times a good
objection to the introduction of that bane of all free governments
-- a standing army."
-- Gov. John Hancock, New York Journal, 28 January 1790

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
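Added example, not part of the original messages: a small sh helper that reads `ldd` output and reports whether libssl and libcrypto resolve from the ports directory (/usr/local/lib) or from the base system, which is the check that shows whether the link-order fix discussed above took effect. The function names and the second sample are assumptions constructed for illustration; the first sample is the mutt output quoted above.

```shell
#!/bin/sh
# Added example: report where libssl/libcrypto resolve, from `ldd` output on stdin.

# ldd output quoted in the message above (binary still bound to base OpenSSL).
SAMPLE_BASE='/usr/local/bin/mutt:
libncursesw.so.7 => /lib/libncursesw.so.7 (0x28103000)
libssl.so.5 => /usr/lib/libssl.so.5 (0x2814f000)
libcrypto.so.5 => /lib/libcrypto.so.5 (0x2819)
libc.so.7 => /lib/libc.so.7 (0x283ea000)'

# Constructed sample: what a relinked binary could look like (paths and
# addresses are made up for illustration).
SAMPLE_PORTS='/usr/local/bin/tor:
    libssl.so.5 => /usr/local/lib/libssl.so.5 (0x28100000)
    libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x28150000)
    libc.so.7 => /lib/libc.so.7 (0x283ea000)'

# ssl_lib_origin [PREFIX]: one line per OpenSSL library found on stdin,
# formatted as "<name> <resolved path> ports|base".
ssl_lib_origin() {
    awk -v prefix="${1:-/usr/local/lib}" '
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            origin = (index($3, prefix "/") == 1) ? "ports" : "base"
            print $1, $3, origin
        }'
}

# uses_ports_openssl [PREFIX]: 0 = every OpenSSL library is under PREFIX,
# 1 = at least one comes from elsewhere (base), 2 = no dynamic OpenSSL
# dependency listed at all (for example a statically linked binary).
uses_ports_openssl() {
    found=$(ssl_lib_origin "$1")
    [ -n "$found" ] || return 2
    ! printf '%s\n' "$found" | grep -q ' base$'
}

printf '%s\n' "$SAMPLE_BASE" | ssl_lib_origin
printf '%s\n' "$SAMPLE_PORTS" | uses_ports_openssl && echo "ports OpenSSL in use"
```

On a live system the input would come from `ldd /usr/local/bin/tor | uses_ports_openssl`; a mixed result (libssl from one directory, libcrypto from the other) is reported as base.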
Hidden Services
I'm trying to set up a hidden service (website) and for some reason, FF won't resolve the url (zygwjgs2sp7wcmws.onion). My FF settings are as follows:

HTTP Proxy: 127.0.0.1:8118
SOCKS5 Proxy: 127.0.0.1:9050
network.disable.dnsPrefetch set to true
network.proxy.socks_remote_dns set to true

I'm having the same problem with Apple Safari (which on Windows is apparently just IE in a new skin) with the same proxy settings.

Windows XP Home SP1

Do I need a web server already running for this to work (if so, I'm feeling very dense right now)? If so, I can easily set up Apache to deal out to 127.0.0.1:80.

--
PIT
Re: Still problems with TLS negotiation
FreeBSD RELENG_8 20091229T1432 works fine from current sources:

openssl version -v -p
 OpenSSL 0.9.8k 25 Mar 2009
 platform: FreeBSD-i386
mkdir tor ; cd tor
tar -xf /.../openssl-0.9.8l.tar.gz
tar -xf /.../libevent-1.4.13-stable.tar.gz
tar -xf /.../tor-0.2.1.21.tar.gz
c () { /usr/bin/env - PATH=/usr/bin:/bin:/usr/sbin:/sbin /bin/sh -c "$1" ; }
cd openssl-0.9.8l
 c './config --prefix=$(realpath ..) no-sse2 shared enable-camellia'
 c 'make depend ; make ; make install_docs install_sw'
 cd ..
cd libevent-1.4.13-stable
 c './configure --prefix=$(realpath ..) ; make ; make install'
 cd ..
cd tor-0.2.1.21
 c 'CPPFLAGS=-static LDFLAGS=-static ./configure --prefix=$(realpath ..) --with-openssl-dir=$(realpath ..) --with-libevent-dir=$(realpath ..)'
 c 'make ; make install'
 cd ..
./bin/tor
...
Jan 02 xx:xx:xx.xxx [notice] Bootstrapped 100%: Done.

Tor should be made to emit both the libevent and openssl version
strings upon startup.
Re: Still problems with TLS negotiation
On Sat, Jan 02, 2010 at 07:53:03PM +0100, Hans de Hartog wrote:
> Hi,
>
> I upgraded all my servers from FreeBSD 7.2-RELEASE-p4 to 8.0-RELEASE
> and tor stopped working because of the TLS renegotiation problem.
> So I upgraded to tor 0.2.1.21 (promised to solve that problem) but the problem
> is still there. Going back to FreeBSD 7.2 is no option so I tried tor
> 0.2.2.6-alpha.

You need to compile the mentioned versions of Tor against openssl-0.9.8.l, which is the one in the FreeBSD ports tree. Neither 7-stable nor 8-stable ships with openssl-0.9.8.l, but the versions of Tor you are trying to run need that version of openssl.

> Still no go. However, the error message (TLS error: unexpected close while
> renegotiating) is now suffixed with (SSL_ST_OK) but tor isn't doing any useful
> work.
> If it helps: openssl version: 0.9.8k 25 Mar 2009 (I can not change that, it's part
> of the base system).

You do not need to change that, just install the ports version in addition.

> So, this was the end of a faithful tor-supporting system, running for months as
> an exit-router... :-(

No, it is not! Keep going, please :)

There is a thread under Tor-relays dealing exactly with this issue. If you want to skip the 'introduction' you may want to see:

http://archives.seul.org/tor/relays/Dec-2009/msg00013.html

which handles how to compile Tor against openssl-0.9.8.l by using the ports system's built-in routines. If you wish not to use this routine, just scroll down and you will find a description of how to do without.

>
> Regards,
> Hans.

ditto
Still problems with TLS negotiation
Hi,

I upgraded all my servers from FreeBSD 7.2-RELEASE-p4 to 8.0-RELEASE and tor stopped working because of the TLS renegotiation problem. So I upgraded to tor 0.2.1.21 (promised to solve that problem) but the problem is still there. Going back to FreeBSD 7.2 is no option so I tried tor 0.2.2.6-alpha.

Still no go. However, the error message (TLS error: unexpected close while renegotiating) is now suffixed with (SSL_ST_OK) but tor isn't doing any useful work.

If it helps: openssl version: 0.9.8k 25 Mar 2009 (I can not change that, it's part of the base system).

So, this was the end of a faithful tor-supporting system, running for months as an exit-router... :-(

Regards,
Hans.
Re: can i ask questions about privoxy here...?
On Sat, Jan 02, 2010 at 04:29:19PM +0100, Gitano wrote:
> emigrant wrote:
>
> > is that possible?
>
> Which question(s) beside 'http://www.privoxy.org/faq/index.html'?

see also http://www.torproject.org/docs/tor-doc-unix.html.en#polipo
there is a sample Privoxy config for use with Tor
Re: can i ask questions about privoxy here...?
emigrant wrote:

> is that possible?

Which question(s) beside 'http://www.privoxy.org/faq/index.html'?
can i ask questions about privoxy here...?
is that possible?
Re: tor-proxy.net
For myself, the problem with tor-proxy.net is that it is blocked by the national filter here. So far, they haven't blocked https ports, so I can still use Tor.

Michael Wolfe