[tor-dev] Compiling tor against OpenSSL_1_0_2-stable
Christian Kujau
lists at nerdbynature.de
Mon Sep 24 08:13:54 UTC 2012
Hi,
while trying to compile the latest git-checkout against openssl-1.0.2,
I've come across the following issues:
----
make[1]: Entering directory `/usr/local/src/tor-git'
CC src/common/tortls.o
cc1: warnings being treated as errors
In file included from /opt/openssl/include/openssl/ssl.h:1382,
from src/common/tortls.c:36:
/opt/openssl/include/openssl/srtp.h:138: error: redundant redeclaration of
‘SSL_get_selected_srtp_profile’
/opt/openssl/include/openssl/srtp.h:135: note: previous declaration of
‘SSL_get_selected_srtp_profile’ was here
make[1]: *** [src/common/tortls.o] Error 1
make[1]: Leaving directory `/usr/local/src/tor-git'
make: *** [all] Error 2
----
There is an open ticket[0] in the openssl bugtracker for this. While the
proper solution is to fix openssl/include/openssl/srtp.h, I wanted to
compile without -Werror. However, when adding CFLAGS="-Wno-error" during
./configure, -Werror is still added to the ./Makefile and overriding
-Wno-error. When adding CFLAGS="-Wno-error" during "make" all the other
CFLAGS are gone too. Thus I ended up removing -Werror from the Makefile
and tortls.o compiled.
While this is really an issue with openssl, I wanted to have this
documented, just in case anybody else tries the same. If someone knows of
a better workaround (i.e. compiling just tortls.c with -Wno-error and
everything else with -Werror), please share! :-)
A bit later, compilation stops again:
----
CCLD src/or/tor
src/common/libor-crypto.a(aes.o): In function `aes_crypt':
aes.c:(.text+0x860): undefined reference to `CRYPTO_ctr128_encrypt'
collect2: ld returned 1 exit status
make[1]: *** [src/or/tor] Error 1
make[1]: Leaving directory `/usr/local/src/tor-git'
make: *** [all] Error 2
----
Hm, this leaves me puzzled for now. CRYPTO_ctr128_encrypt is still
included in openssl-1.0.2 and src/common/aes.o seems to be built with
this function included as well, not sure why src/common/libor-crypto.a
complains now:
----
$ grep -r CRYPTO_ctr128_encrypt /opt/openssl/
/opt/openssl/include/openssl/modes.h:void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
/opt/openssl/include/openssl/modes.h:void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
Binary file /opt/openssl/bin/openssl matches
Binary file /opt/openssl/lib/libcrypto.a matches
$ grep -r CRYPTO_ctr128_encrypt .
./src/common/aes.c: CRYPTO_ctr128_encrypt((const unsigned char *)input,
Binary file ./src/common/aes.o matches
Binary file ./src/common/libor-crypto.a matches
----
Why do I (try to) build against openssl-1.0.2? I'm on Debian/stable which
still ships openssl-0.9.8o and I wanted to get rid of this "use a more recent
OpenSSL" message during startup :-)
Otherwise, today's git-checkout of tor runs just fine when built against
openssl-0.9.8 (on powerpc) - yay!
Christian.
[0] http://rt.openssl.org/Ticket/Display.html?id=2724
--
BOFH excuse #330:
quantum decoherence
More information about the tor-dev
mailing list