Apple workaround for openssl issues on OS X 10.5 and 10.6
Apple responded to my bug report about a broken openssl. I've since built test packages for OS X 10.5 and 10.6 users. Their response is:
Thank you for your report of this issue with Tor.
The issue you're seeing is because the current versions of the development tools were created before the OpenSSL security fix, and so do not include the "SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" definition in the OpenSSL headers.
You can work around this issue by supplying the definition to Tor directly, for example by compiling Tor using
CPPFLAGS='-DSSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION=0x0010' ./configure && make
This will work on both Leopard and Snow Leopard.
If you have an Intel (i386) Mac, use the normal i386 packages for Tor 0.2.2.8-alpha release at https://www.torproject.org/download.
If you have a PowerPC (ppc) Mac AND are running OS X 10.5 or 10.6, use these packages:
Tor Expert: https://www.torproject.org/dist/osx-old/Tor-0.2.2.8-alpha-i386-10.5-10… and .asc.
Vidalia Bundle: https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.2.8-… and .asc.
If you have a PowerPC (ppc) Mac AND ARE running OS X 10.3 or 10.4, use the normal ppc packages at https://www.torproject.org/download.
This can be confusing. I now maintain two different PowerPC packages. One set for pre-10.5 and one set for 10.5 and later OS X versions. This is because Apple didn't update 10.3 nor 10.4 for the openssl bug.
Maybe it's the wrong place here, but since you are talking about the Mac:
I'd really love to see the old "tor mac expert package" again.
In former times the "expert package" included a launch script (/Library/StartupItems/Tor/tor) and also Privoxy with a launchscript (/Library/StartupItems/Privoxy/privoxy). This was such a wonderful package which just worked "in the background" - ready for action with any SOCKS compliant application or via Torbutton.
The Vidalia Packages are unfortunately a pain in the a.. - and even worse I didn't archive the old startupItem scripts (otherwise i'd build the package myself).
Please consider distribution the "expert package" like it was "in former times" again.
Vidalia sucks :-)