Bart,

On Wed, Apr 25, 2018, at 9:28 AM, Bart Van Assche wrote:
> On 04/25/18 10:04, Keith Mendoza wrote:
> > Net-SNMP dev team,
> > I have submitted a merge request to verify that when the 
> > --enable-blumenthal-aes is used in configure that it checks that OpenSSL's 
> > aes.h and evp.h are available. Merge request is at 
> > https://sourceforge.net/p/net-snmp/code/merge-requests/14/. This should 
> > fully resolve the following bugs:
> > 
> > * #2859 Test case "T023snmpv3getMD5DES_simple" fails 
> > (https://sourceforge.net/p/net-snmp/bugs/2859/)
> > 
> > * #2855 Test case "T026snmpv3getSHAAES_simple" fails 
> > (https://sourceforge.net/p/net-snmp/bugs/2855/)
> > 
> > * #2854 Test case "T025snmpv3getSHADES_simple" fails 
> > (https://sourceforge.net/p/net-snmp/bugs/2854/)
> > 
> > * #2852 Test case "T024snmpv3getSHA1_simple" fails 
> > (https://sourceforge.net/p/net-snmp/bugs/2852/)
> > 
> > This fix provides a partial fix for #2853 Test case 
> > "T024snmpv3getSHA512_simple" fails (#2853 Test case 
> > "T024snmpv3getSHA512_simple" fails). The rest of the fix is Bart's commit 
> > 3c104a.
> 
> Hello Keith,
> 
> Are you aware that running something like "brew upgrade openssl" brings 
> in a version of openssl on OS/X that is recent enough for all Net-SNMP 
> features? 

>From what I know OpenSSL is available through Homebrew or Macports--among 
>others. Apple doesn't seem to provide OpenSSL by themselves. So doing that 
>should upgrade openssl provided the package info for the package manager has 
>been done too.

> Regarding your pull request: I'd like to avoid adding 
> AC_CHECK_HEADERS() calls in config_project_with_enable because whether 
> or not these succeed depend on the compiler flags (-I) and some compiler 
> flags are only set at a later phase.

I agree that placing the AC_CHECK_HEADERS() where it is _not_ the best place 
for it as it assumes that --with-ssl always occurs before 
--enable-blumenthal-aes. I suspect that if the --with-ssl code is moved after 
that the AC_CHECK_HEADERS will always fail. I felt that placing it there would 
be a good starting point; and I figured someone with more experience with the 
codebase will tell me where it should go as a rule-of-thumb for the project.

I feel the best solution would be to remove the typecasts going on inside 
sc_get_openssl_hashfn(). It seems to me that having these typecasts there is 
triggering the implicit declaration of EVP_sha512() that lead to the crash we 
both encountered. However, I don't want testing the "best" solution to block 
5.8 release.

> 
> Thanks,
> 
> Bart.


-- 
Thanks,
Keith (pantherse)

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to