Tor fails to build connections after FreeBSD security update
Hans Schnehl
torvallenator at gmail.com
Sat Dec 5 16:29:52 UTC 2009
On Sat, Dec 05, 2009 at 11:01:14AM -0500, Mike L wrote:
> Yes I am seeing this as well.
> I recently did the same thing on my home relay with the same end results as
> you.
> I did not attempt to install ssl port though and am still trying to make it
> use the base ssl.
> I de-installed the port and re-installed but saw the same errors you see
> still.
> running FreeBSD 7.2-RELEASE-p5 #0: Thu Dec 3 22:36:36 EST 2009 (amd64)
> OpenSSL 0.9.8e 23 Feb 2007 with libevent 1.4.12 (if the version is relevant
> or not..)
there is a newer version, libevent 1.4.13, which is never bad to upgrade.
> Sounds like you are about two steps ahead of me though in tracking down the
> issue.
>
> Likewise I'm glad I ran it here before I did it on the exit node..
Actually even with OpenSSL 0.9.8 (ports)l it doesn't work the way it should,
it appears that outgoing connections only succeed to very few relays.
I have LOT'S of
[snip]
Dec 05 15:46:45.922 [info] circuit_build_failed(): Our circuit died before
the first hop with no connection
Dec 05 15:46:45.922 [info] connection_ap_fail_onehop(): Closing one-hop
stream to '$1E421969478A499B92682B2DA5075A0B89455C35/137.56.163.117'
because the OR conn just failed.
Dec 05 15:46:45.922 [info] _connection_free(): Freeing linked Socks
connection [waiting for circuit] with 180 bytes on inbuf, 0 on outbuf.
Dec 05 15:46:45.922 [info] connection_dir_client_reached_eof(): 'fetch'
response not all here, but we're at eof. Closing.
Dec 05 15:46:45.922 [info] update_consensus_networkstatus_downloads():
Launching networkstatus consensus download.
Dec 05 15:46:45.922 [info] connection_ap_make_link(): Making internal
direct tunnel to [scrubbed]:9001 ...
Dec 05 15:46:45.922 [info] onion_pick_cpath_exit(): Using requested exit
node 'fastnode'
Dec 05 15:46:45.922 [info] circuit_handle_first_hop(): Next router is
[scrubbed]: Not connected. Connecting.
Dec 05 15:46:45.922 [info] get_interface_address6(): connect() failed:
Invalid argument
Dec 05 15:46:45.922 [info] get_interface_address6(): connect() failed:
Invalid argument
[snip]
( there is no IPv6 on this box)
and
[snip]
Dec 05 16:03:01.969 [info] connection_ap_make_link(): ... application
connection created and linked.
Dec 05 16:03:01.969 [info] directory_send_command(): Downloading consensus
from 80.56.53.149:9001 using
/tor/status-vote/current/consensus/14C131+27B6B5+585769+805509+81349F+E2A2AF+E8A9C4.z
Dec 05 16:03:01.969 [info] connection_edge_process_inbuf(): data from edge
while in 'waiting for circuit' state. Leaving it on buffer.
Dec 05 16:03:01.969 [info] connection_edge_process_inbuf(): data from edge
while in 'waiting for circuit' state. Leaving it on buffer.
Dec 05 16:03:02.374 [warn] TLS error: unexpected close while renegotiating
(SSL_ST_OK)
Dec 05 16:03:02.374 [info] connection_tls_continue_handshake(): tls error
[unexpected close]. breaking connection.
Dec 05 16:03:02.374 [info] circuit_n_conn_done(): or_conn failed. Closing
circ.
Dec 05 16:03:02.374 [info] circuit_build_failed(): Our circuit died before
the first hop with no connection
Dec 05 16:03:02.374 [info] connection_ap_fail_onehop(): Closing one-hop
stream to '$C7893FC9EA62049BCB512E8486880B361AF45271/80.56.53.149' because
the OR conn just failed.
[snip]
and so on...
This renders the client pretty much useless, still it's not too
brilliant to ignore the patches.
(only able to use tor by tunneling through my relay)
If someone wishes to take a look into this issue let us know where to
send which logs to ...
More information about the tor-relays
mailing list