Hello!
Due to heavy internet censorship in my country, Tor is very difficult to connect to: impossible without a bridge, and many public bridges appear to be auto-scraped by the government and banned per-IP basis. And since I happen to own a VPS, I decided to run my own private obfs4 bridge, however, the version of Debian I have there (bullseye) has in its repositories outdated version of both OpenSSL and Tor(it refuses to function as a bridge!). Out of reluctancy to do a full system upgrade, I decided to manually compile both from source. As far as I can tell, I have all dependencies installed (libevent, zlib, etc., including -dev packages), and building OpenSSL wasn’t hard at all. However Tor(v0.4.8.21) simply refuses to be built with OpenSSL v3.0.18, due to (what seems to be) conflicts between my OpenSSL headers and the standard tortls libraries.
I have built and installed OpenSSL this way:
./config no-shared enable-ec_nistp_64_gcc_128 --prefix=/opt/openssl3 --openssldir=/opt/openssl3
make -j2 && make test && make install
And then for compiling Tor:
./configure --prefix=/opt/tor --sysconfdir=/etc --localstatedir=/var --disable-html-manual --enable-static-openssl --with-openssl-dir=/opt/openssl3
make -j2
And during the “configure” command for Tor, the build system always outputs this weird line:
checking for significant mismatch between openssl headers and libraries... inconclusive
And then compilation fails with:
In file included from src/test/test_tortls_openssl.c:42:
./src/lib/tls/tortls_internal.h:55:8: error: conflicting types for ‘SSL_SESSION_get_master_key’
55 | size_t SSL_SESSION_get_master_key(struct ssl_session_st *s,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from src/test/test_tortls_openssl.c:23:
/opt/openssl3/include/openssl/ssl.h:2160:15: note: previous declaration of ‘SSL_SESSION_get_master_key’ was here
2160 | __owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
src/test/test_tortls_openssl.c: In function ‘get_cipher_by_name’:
src/test/test_tortls_openssl.c:540:19: error: invalid use of incomplete typedef ‘SSL_METHOD’ {aka ‘const struct ssl_method_st’}
540 | int num = method->num_ciphers();
| ^~
src/test/test_tortls_openssl.c:543:38: error: invalid use of incomplete typedef ‘SSL_METHOD’ {aka ‘const struct ssl_method_st’}
543 | const SSL_CIPHER *cipher = method->get_cipher(i);
| ^~
src/test/test_tortls_openssl.c: In function ‘test_tortls_client_is_using_v2_ciphers’:
src/test/test_tortls_openssl.c:716:6: error: invalid use of incomplete typedef ‘SSL’ {aka ‘struct ssl_st’}
716 | ssl->session = sess;
| ^~
src/test/test_tortls_openssl.c:723:6: error: invalid use of incomplete typedef ‘SSL_CIPHER’ {aka ‘struct ssl_cipher_st’}
723 | one->id = 0x00ff;
| ^~
src/test/test_tortls_openssl.c:725:7: error: invalid use of incomplete typedef ‘SSL_SESSION’ {aka ‘struct ssl_session_st’}
725 | sess->ciphers = ciphers;
| ^~
I have tried to use "I=..." and "L=..." (in CPPFLAGS and LDFLAGS respectively) instead of the --with-openssl-dir= directive, but to no avail, as compilation then fails over obvious missing references i.e. EVP_PKEY_CTX_set_hkdf_md.
What’s the weirdest, is that on Windows, inside the standard Tor Browser bundle, if I locate the tor.exe binary, and run --version on it, it prints:
Tor version 0.4.8.17 (git-e41649c9a34f39f1).
This build of Tor is covered by the GNU General Public License (https://www.gnu.org/licenses/gpl-3.0.en.html)
Tor is running on Windows 8 [or later] with Libevent 2.1.12-stable, OpenSSL 3.0.17, Zlib 1.3.1, Liblzma N/A, Libzstd N/A and Unknown N/A as libc.
Tor compiled with clang version 18.1.5
So, by all logic, this version of Tor SHOULD be possible to build with this version of OpenSSL, however, it refuses to. (the only difference being that I’m building with gcc, not clang)
Any clues on how this may be solved are welcome! Many thanks in advance)