Tiger, tor and openssl

[dgringo1@…]

Hi, I was chatting with you chaps the other week or so; your help was great. I fixed the compilation and openssl issue and progress resumed; compiled much s/w for my Tiger OS. I generated a looong list of utils and games which worked fine but I did get a short list of problems. I am working through those at the moment. Specifically, a much wished for Tor, for Tiger, I could never get my hands on, but I was able to build it... or so it seemed. Here it seems openssl is blocking me again :( I think the 1.0.1e is the issue here and I would like to use something earlier, from 0.9.8m onwards -- or so tor states.

I tried earlier, but things are not gelling :( I originally built and thought I was happy with 1.0.1e, then tried to go to an earlier build for tor -- I tried an arbitrary 'earlier' version label, to no avail.

I am unsure how to 1) specify a specific installation / build of an earlier version and 2) selectively use that version for some s/w. Questions and help -- yes there is a lot of online chatter about openssl & tor ? ;)

mm:~ dgringo$ sudo port install openssl @1.0.1c
Password:
--->  Computing dependencies for openssl
--->  Cleaning openssl
--->  Scanning binaries for linking errors: 100.0%
--->  No broken files found.
mm:~ dgringo$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
mm:~ dgringo$ sudo port install tor            
--->  Computing dependencies for tor
--->  Cleaning tor
--->  Scanning binaries for linking errors: 100.0%
--->  No broken files found.
mm:~ dgringo$ sudo port -f install tor
--->  Computing dependencies for tor
--->  Cleaning tor
--->  Scanning binaries for linking errors: 100.0%
--->  No broken files found.
mm:~ dgringo$ tor
Sep 17 19:35:58.412 [notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Darwin.
Sep 17 19:35:58.412 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 17 19:35:58.425 [notice] Read configuration file "/Users/dgringo/.torrc".
Sep 17 19:35:58.450 [notice] Initialized libevent version 2.0.21-stable using method kqueue. Good.
Sep 17 19:35:58.455 [notice] Opening Socks listener on 127.0.0.1:9148
Sep 17 19:35:58.456 [notice] Opening Socks listener on 127.0.0.1:9149
Sep 17 19:35:58.456 [notice] Opening Socks listener on 127.0.0.1:9150
Sep 17 19:35:58.000 [notice] Parsing GEOIP file /opt/local/share/tor/geoip.
Sep 17 19:35:59.000 [notice] This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
Sep 17 19:36:00.000 [notice] OpenSSL OpenSSL 1.0.1e 11 Feb 2013 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Sep 17 19:36:00.000 [notice] Reloaded microdescriptor cache.  Found 0 descriptors.
Sep 17 19:36:00.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Sep 17 19:36:01.000 [notice] Bootstrapped 5%: Connecting to directory server.
Sep 17 19:36:01.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 1 circuits open. I've sent 0 kB and received 0 kB.
Sep 17 19:36:01.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.
Sep 17 19:36:01.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
Sep 17 19:36:01.000 [notice] To correct this, use a version of OpenSSL built with none of its ciphers disabled.
Segmentation fault
mm:~ dgringo$ 

[ryandesign (Ryan Carsten Schmidt)]

Replying to dgringo1@…:

I am unsure how to 1) specify a specific installation / build of an earlier version

wiki:howto/InstallingOlderPort

and 2) selectively use that version for some s/w. Questions and help -- yes there is a lot of online chatter about openssl & tor ? ;)

By very carefully activating whichever version you want before you build each port. But this kind of micromanaging of ports is quite fiddly and of course completely unsupported. MacPorts is designed for you to be using the currently-available versions of ports, not selectively backdating ports.

Let's look into the real problem instead. Why do you think tor doesn't work with openssl 1.0.1e?

[ryandesign (Ryan Carsten Schmidt)]

I see from your output above that tor segfaults. What does the crash log say? It's probably something the developers of tor would need to correct.

[dgringo1@…]

Replying to ryandesign@…:

Replying to dgringo1@…:

I am unsure how to 1) specify a specific installation / build of an earlier version

wiki:howto/InstallingOlderPort

and 2) selectively use that version for some s/w. Questions and help -- yes there is a lot of online chatter about openssl & tor ? ;)

By very carefully activating whichever version you want before you build each port. But this kind of micromanaging of ports is quite fiddly and of course completely unsupported. MacPorts is designed for you to be using the currently-available versions of ports, not selectively backdating ports.

Let's look into the real problem instead. Why do you think tor doesn't work with openssl 1.0.1e?

:( Shame one is not intended to be able to return to previous versions, I had incorrectly deduced that might be the way.

I hope this does not turn out to be the reason for a Tiger tor not existing.

[dgringo1@…]

Replying to ryandesign@…:

I see from your output above that tor segfaults. What does the crash log say? It's probably something the developers of tor would need to correct.

I shall pursue that angle...

[ryandesign (Ryan Carsten Schmidt)]

Replying to dgringo1@…:

I hope this does not turn out to be the reason for a Tiger tor not existing.

How do you mean, "not existing"? It exists on your system; you installed it there with MacPorts. It just doesn't seem to work right. Most of what we do at MacPorts is package up software that other people have developed. It's not our job to make that software work correctly; that's the developers' job. Of course if there's something about the way that we're packaging up tor that's causing this problem, then we can correct that. But if you look into the tor portfile you'll see we're not doing anything special. We're just running a standard build.

[dgringo1@…]

Replying to ryandesign@…:

Replying to dgringo1@…:

I hope this does not turn out to be the reason for a Tiger tor not existing.

How do you mean, "not existing"? It exists on your system; you installed it there with MacPorts. It just doesn't seem to work right. Most of what we do at MacPorts is package up software that other people have developed. It's not our job to make that software work correctly; that's the developers' job. Of course if there's something about the way that we're packaging up tor that's causing this problem, then we can correct that. But if you look into the tor portfile you'll see we're not doing anything special. We're just running a standard build.

Yes it does 'exist', sorry for any inference to the contrary. What I meant to say was, this issues is likely to be the reason for tor having never seeming, and historically, to be distributed for OS X Tiger -- obviously from my historical attempts to locate it.

I shall research it again to -- possibly -- find out what where any technical issues which might prevent openssl, or even tor, for not working or supporting Tiger. Without getting into any personal justifications, I might find it a satisfying task for this (_historically_) low-level programmer to try and remedy the situation.