Apple workaround for openssl issues on OS X 10.5 and 10.6
Apple responded to my bug report about a broken openssl. I've since built test packages for OS X 10.5 and 10.6 users. Their response is:
Thank you for your report of this issue with Tor.
The issue you're seeing is because the current versions of the development tools were created before the OpenSSL security fix, and so do not include the "SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" definition in the OpenSSL headers.
You can work around this issue by supplying the definition to Tor directly, for example by compiling Tor using
CPPFLAGS='-DSSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION=0x0010' ./configure && make
This will work on both Leopard and Snow Leopard.
If you have an Intel (i386) Mac, use the normal i386 packages for Tor 0.2.2.8-alpha release at https://www.torproject.org/download.
If you have a PowerPC (ppc) Mac AND are running OS X 10.5 or 10.6, use these packages:
Tor Expert: https://www.torproject.org/dist/osx-old/Tor-0.2.2.8-alpha-i386-10.5-10… and .asc.
Vidalia Bundle: https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.2.8-… and .asc.
If you have a PowerPC (ppc) Mac AND ARE running OS X 10.3 or 10.4, use the normal ppc packages at https://www.torproject.org/download.
This can be confusing. I now maintain two different PowerPC packages. One set for pre-10.5 and one set for 10.5 and later OS X versions. This is because Apple didn't update 10.3 nor 10.4 for the openssl bug.