Bugzilla – Bug 1129411
tor gives a warning about OpenSSL version mismatch
Last modified: 2019-04-15 13:10:41 UTC
STR:
1. Install package tor-0.3.4.8-lp150.2.3.1.x86_64
2. torctl start
3. torclt log

Result: The log shows a warning about OpenSSL version mismatch.

Excerpt:
[...]
Mar 15 14:38:30.000 [notice] Tor 0.3.4.8 (git-da95b91355248ad8) opening log file.
Mar 15 14:38:30.925 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 1010008f: OpenSSL 1.1.0h 27 Mar 2018; running with 1010009f: OpenSSL 1.1.0i-fips 14 Aug 2018).
Mar 15 14:38:30.938 [notice] Tor 0.3.4.8 (git-da95b91355248ad8) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0i-fips, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd 1.3.4.
[...]
* Step 3 has a typo. Should be 'torctl' not 'tortlc'
You have installed a different openssl library than the tor package was compiled with. In this case it's a harmless warning. OpenSSL guarantees binary compatibility over letter and the third digit numbers. E.g. 1.1.0i and 1.1.1a are binary compatible. You can check the ABI changes between the openssl versions here: https://abi-laboratory.pro/?view=timeline&l=openssl

Starting with the next major release of OpenSSL, there will be a change in the versioning: https://www.openssl.org/policies/releasestrat.html But that's something for the future.

To sum it up, the version check in Tor is just too strict. It expects the very same version (the same openssl version number and the version text) for runtime as it was compiled with. I find that unnecessary and the test could certainly be relaxed. I know Tor takes the security of its users seriously, but IMHO here it's just being overly rigorous.
expected minor and informational warning
Trying to upstream a relaxed version check: https://github.com/torproject/tor/pull/951
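
The two version numbers from the log excerpt above, decoded, with a relaxed comparison of the kind this thread discusses. This is an added example, not code from Tor or from the linked pull request; the struct, enum and function names are hypothetical, and the compatibility rule (same major and minor number) is an assumption taken from the description in the comment above.

```c
#include <stdio.h>
#include <string.h>

/* Pre-3.0 OpenSSL version numbers are packed as 0xMNNFFPPS:
 * major (4 bits), minor (8), fix (8), patch letter (8), status (4). */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

enum ver_match { VER_EXACT, VER_COMPATIBLE, VER_MISMATCH };

static struct ossl_ver ossl_decode(unsigned long v)
{
    struct ossl_ver r;
    r.major  = (unsigned)((v >> 28) & 0xf);
    r.minor  = (unsigned)((v >> 20) & 0xff);
    r.fix    = (unsigned)((v >> 12) & 0xff);
    r.patch  = (unsigned)((v >> 4)  & 0xff);
    r.status = (unsigned)(v & 0xf);
    return r;
}

/* Render e.g. "1.1.0h"; patch 0 has no letter, 1..26 map to a..z. */
static const char *ossl_format(unsigned long v, char *buf, size_t len)
{
    struct ossl_ver r = ossl_decode(v);
    char letter[2] = { 0, 0 };
    if (r.patch >= 1 && r.patch <= 26)
        letter[0] = (char)('a' + r.patch - 1);
    snprintf(buf, len, "%u.%u.%u%s", r.major, r.minor, r.fix, letter);
    return buf;
}

/* Assumed policy: differences in the fix number, patch letter or status
 * nibble are tolerated; a different major or minor number is not. */
static enum ver_match ossl_compare(unsigned long built, unsigned long running)
{
    if (built == running)
        return VER_EXACT;
    if ((built >> 20) == (running >> 20))
        return VER_COMPATIBLE;
    return VER_MISMATCH;
}

int main(void)
{
    /* Values from the [warn] line in the report. */
    unsigned long built = 0x1010008fUL, running = 0x1010009fUL;
    char a[16], b[16];
    printf("built %s, running %s, result %d\n",
           ossl_format(built, a, sizeof a),
           ossl_format(running, b, sizeof b),
           (int)ossl_compare(built, running));
    return 0;
}
```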