Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:  fixed
 Keywords:  openssl, tor-ssl,|  Actual Points:
  034-triage-20180328, 034-must, compatibility,  |
  build, 034-included-20180405   |
Parent ID:  #19429   | Points:  1
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by nickm):

 * status:  needs_revision => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl,|  Actual Points:
  034-triage-20180328, 034-must, compatibility,  |
  build, 034-included-20180405   |
Parent ID:  #19429   | Points:  1
 Reviewer:  catalyst |Sponsor:
-+-

Comment (by nickm):

 merging parent.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl,|  Actual Points:
  034-triage-20180328, 034-must, compatibility,  |
  build, 034-included-20180405   |
Parent ID:  #19429   | Points:  1
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by catalyst):

 * status:  needs_review => needs_revision


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl,|  Actual Points:
  034-triage-20180328, 034-must, compatibility,  |
  build, 034-included-20180405   |
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  accepted => needs_review


Comment:

 (See parent ticket -- I have adapted the patch from the gentoo bugtracker
 above to work on 0.3.4, fixed some other cases of similar problems, and
 merged it with the work from this ticket.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl,|  Actual Points:
  034-triage-20180328, 034-must, compatibility,  |
  build, 034-included-20180405   |
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * keywords:  openssl, tor-ssl, 034-triage-20180328, 034-must,
 compatibility, build =>
 openssl, tor-ssl, 034-triage-20180328, 034-must, compatibility, build,
 034-included-20180405


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl,|  Actual Points:
  034-triage-20180328, 034-must, compatibility,  |
  build  |
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * keywords:  openssl, tor-ssl, 034-triage-20180328, 034-removed-20180328 =>
 openssl, tor-ssl, 034-triage-20180328, 034-must, compatibility, build


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
--+
 Reporter:  laomaiweng|  Owner:  nickm
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.2.7.2-alpha
 Severity:  Normal| Resolution:
 Keywords:  openssl, tor-ssl  |  Actual Points:
Parent ID:  #19429| Points:  1
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * keywords:  openssl, tor-ssl, 033-backport, 032-backport,  033-must =>
 openssl, tor-ssl


Comment:

 I think maybe we should revisit that choice in 0.3.4, time permitting.
 This can't be an 033 item, though, since it's pretty solidly a new
 feature.

 Our earlier plan to wait until 1.0.2 is obsolete looks like it won't fly:
 that's a LTS release, and it won't go away till the end of next year.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl, 033-backport,  |  Actual Points:
  032-backport,  033-must|
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-

Comment (by laomaiweng):

 Thanks for this work!

 I'm well aware of the fact that Tor still won't build against OpenSSL
 1.1.0 with `no-deprecated` even after this ticket is resolved. But I was
 under the impression that this was not a priority for Tor (see #19429 and
 particularly comment:4:ticket:19429), though I'd be glad if this position
 were revised! :)

 I reported this ticket as a first step towards `no-deprecated`
 compatibility and because `TLSv1_1_method()` felt wrong to check for in
 ''configure'', as it wasn't even used anywhere.

 If Tor wants to move towards full `no-deprecated` compatibility, be aware
 a Gentoo user already offered a patch here:
 https://bugs.gentoo.org/630380. Though the patch was against Tor 0.3.0, I
 think it still applies fine to Tor 0.3.3.
 Other than that, I don't have strong feelings as to what to do next about
 this ticket, or OpenSSL 1.1.0 `no-deprecated` compatibility in general.
 I'll just be happy if it all gets merged/supported eventually.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl, 033-backport,  |  Actual Points:
  032-backport,  033-must|
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 I've had a partial success here.

 My branch `bug25353_032` replaces the `TLSv1_1_method()` check with a
 `SSL_CIPHER_get_id()` test.  (You can see my public repository at
 https://gitweb.torproject.org/nickm/tor.git .)

 The problem here, though, is that this change is not enough to make Tor
 compile when OpenSSL is built with no-deprecated.  Tor uses the following
 deprecated functions:
 {{{
 CRYPTO_cleanup_all_ex_data
 ENGINE_cleanup
 ERR_free_strings
 ERR_load_crypto_strings
 EVP_CIPHER_CTX_cleanup
 EVP_cleanup
 OpenSSL_add_all_algorithms
 SSL_library_init
 SSL_load_error_strings
 X509_get_notAfter
 X509_get_notBefore
 }}}

 The number of functions here makes me think that we should postpone
 compatibility with `no-deprecated` OpenSSL until 0.3.4.  What do you
 think?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl, 033-backport,  |  Actual Points:
  032-backport,  033-must|
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 I think we could use "SSL_CIPHER_get_id" here -- it is new in 1.0.1,
 present in libressl, not deprecated, and actually used by Tor.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl, 033-backport,  |  Actual Points:
  032-backport,  033-must|
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 One challenge here is that we need to make sure that we do not needlessly
 break libressl.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated. (was: Configure fails with some OpenSSL 1.1.0)

[Tor Bug Tracker & Wiki]

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl, 033-backport,  |  Actual Points:
  032-backport,  033-must|
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * keywords:
 openssl, tor-ssl, 033-backport, 032-backport, 031-backport,
 029-backport 033-must
 => openssl, tor-ssl, 033-backport, 032-backport,  033-must


Comment:

 This bug appears to be an issue when openssl is built with no-deprecated,
 and only with Tor 0.3.2 or later.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs