On Sun, Jan 17, 2010 at 8:31 PM, Nick Mathewson <[email protected]> wrote:
> On Sun, Jan 17, 2010 at 9:36 PM, Roger Dingledine <[email protected]> wrote:
>> Nick wrote an OpenSSL patch to not waste so much memory in its internal
>> buffers. See item #3 on
>> http://archives.seul.org/or/dev/Jun-2008/msg00001.html
>>
>> That said, I don't know what the current state of the patch is, or where
>> you can get a copy. Nick?
>
> It's in recent versions of OpenSSL (recent as in the 1.0.0 beta versions.)
>
> If you would rather try patching an older version of OpenSSL yourself, try out
> http://freehaven.net/~nickm/openssl_mem/openssl-mem-patch-v17.txt
> I have no idea whether it applies cleanly (or at all) to older versions.

Thanks for the prompt replies. I've got a custom-built Tor with openssl 1.0.0-beta4 running now; I'll keep an eye on it and see if things run better that way.

As a vaguely related sidenote, is it intentional that openssl is statically linked? I would expect that Tor more than anything would want to benefit from security updates as quickly as possible, and most package managers / people won't rebuild it after an openssl update. Seems a bit dangerous.

I was able to confirm that I was running with the right version, though, by adding the following right under Tor's version notice:

    log(LOG_NOTICE, LD_GENERAL, "Built for %s, using %s",
        OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));

That may be worth adding, to make which version is being used visible, especially if it's going to be statically linked.

I'll let you know in a few days how things are going with this new setup.

- John
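An added example, not part of the original message and not Tor's code: the "built for / using" comparison from the log line above, done on the numeric version instead of the text, so a binary can tell when the library it runs with is older than the headers it was compiled against. It assumes the pre-3.0 OpenSSL version number layout 0xMNNFFPPS; the function names and sample values are constructed, and in a real build the two inputs would be OPENSSL_VERSION_NUMBER and SSLeay().

```c
#include <stdio.h>
#include <string.h>

/* Decoded pre-3.0 OpenSSL version number, layout 0xMNNFFPPS:
 * major, minor, fix, patch letter index, status (0 dev, 1..0xe beta, 0xf release). */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

struct ossl_ver ossl_decode(unsigned long v)
{
    struct ossl_ver o;
    o.major  = (unsigned)((v >> 28) & 0xf);
    o.minor  = (unsigned)((v >> 20) & 0xff);
    o.fix    = (unsigned)((v >> 12) & 0xff);
    o.patch  = (unsigned)((v >> 4) & 0xff);
    o.status = (unsigned)(v & 0xf);
    return o;
}

/* Render as e.g. "1.0.0-beta4" or "0.9.8l". Returns buf. */
char *ossl_format(unsigned long v, char *buf, size_t len)
{
    struct ossl_ver o = ossl_decode(v);
    char letter[2] = { 0, 0 };
    char status[16] = "";
    if (o.patch >= 1 && o.patch <= 26)
        letter[0] = (char)('a' + o.patch - 1);
    if (o.status == 0)
        snprintf(status, sizeof status, "-dev");
    else if (o.status != 0xf)
        snprintf(status, sizeof status, "-beta%u", o.status);
    snprintf(buf, len, "%u.%u.%u%s%s", o.major, o.minor, o.fix, letter, status);
    return buf;
}

/* 0: same version; 1: runtime newer than headers; -1: runtime older (stale library). */
int ossl_compare(unsigned long built, unsigned long runtime)
{
    if (runtime == built) return 0;
    return runtime > built ? 1 : -1;
}

int main(void)
{
    /* Constructed sample values standing in for OPENSSL_VERSION_NUMBER and SSLeay(). */
    unsigned long built = 0x10000004UL, runtime = 0x009080cfUL;
    char a[32], b[32];
    printf("Built for %s, using %s (cmp %d)\n", ossl_format(built, a, sizeof a),
           ossl_format(runtime, b, sizeof b), ossl_compare(built, runtime));
    return 0;
}
```

With static linking the two numbers are always equal, so the check only tells an operator which OpenSSL was baked in; with dynamic linking a result of -1 flags a library older than the one the binary was built for.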

