[tor-dev] Compiling tor against OpenSSL_1_0_2-stable

Christian Kujau lists at nerdbynature.de
Thu Nov 29 02:17:54 UTC 2012


As a late follow-up, for the archives...

Nick Mathewson wrote on 9/25/12 09:36:
> On Mon, Sep 24, 2012 at 4:13 AM, Christian Kujau <lists at nerdbynature.de> wrote:
>> while trying to compile the latest git-checkout against openssl-1.0.2,
>> I've come across the following issues:
>  [...]
>> While this is really an issue with openssl, I wanted to have this
>> documented, just in case anybody else tries the same. If someone knows of
>> a better workaround (i.e. compiling just tortls.c with -Wno-error and
>> everything else with -Werror), please share! :-)
> 
> So, -Werror isn't supposed to be on by default; you only get that if
> you configure with --enable-gcc-warnings.  You can get all the
> warnings, but with -Werror disabled, by using
> --enable-gcc-warnings-advisory instead.

Yes, --enable-gcc-warnings-advisory helps - thanks!

>> A bit later, compilation stops again:
>> ----
>>   CCLD   src/or/tor
>> src/common/libor-crypto.a(aes.o): In function `aes_crypt':
>> aes.c:(.text+0x860): undefined reference to `CRYPTO_ctr128_encrypt'
> 
> Well that's certainly annoying.  If you're not feeling hackerish, I'd
> suggest backing off to openssl the openssl 1.0.1 branch, which has
> actually been, y'know, released. (There's no released openssl 1.0.2
> version yet, right?) But if you're willing to hack the Tor code, you
> might be able to make CAN_USE_OPENSSL_CTR always undefined in aes.c,
> and make USE_EVP_AES_CTR always defined, so that Tor doesn't even
> consider using the CRYPTO_ implementation.

At first I felt hackerish and tried your suggestion, but then I realized 
that although I used --with-openssl-dir=/opt/openssl, the compilation 
process made use of my already installed libssl-dev package and stopped 
with the error above. Uninstalling my distro's openssl development 
libraries helped and latest Tor compiles against the latest openssl CVS 
checkout. yay!

Thanks for replying & sorry for my late response,
Christian.
-- 
make bzImage, not war


More information about the tor-dev mailing list