Bart, On Wed, Apr 25, 2018, at 9:28 AM, Bart Van Assche wrote: > On 04/25/18 10:04, Keith Mendoza wrote: > > Net-SNMP dev team, > > I have submitted a merge request to verify that when the > > --enable-blumenthal-aes is used in configure that it checks that OpenSSL's > > aes.h and evp.h are available. Merge request is at > > https://sourceforge.net/p/net-snmp/code/merge-requests/14/. This should > > fully resolve the following bugs: > > > > * #2859 Test case "T023snmpv3getMD5DES_simple" fails > > (https://sourceforge.net/p/net-snmp/bugs/2859/) > > > > * #2855 Test case "T026snmpv3getSHAAES_simple" fails > > (https://sourceforge.net/p/net-snmp/bugs/2855/) > > > > * #2854 Test case "T025snmpv3getSHADES_simple" fails > > (https://sourceforge.net/p/net-snmp/bugs/2854/) > > > > * #2852 Test case "T024snmpv3getSHA1_simple" fails > > (https://sourceforge.net/p/net-snmp/bugs/2852/) > > > > This fix provides a partial fix for #2853 Test case > > "T024snmpv3getSHA512_simple" fails (#2853 Test case > > "T024snmpv3getSHA512_simple" fails). The rest of the fix is Bart's commit > > 3c104a. > > Hello Keith, > > Are you aware that running something like "brew upgrade openssl" brings > in a version of openssl on OS/X that is recent enough for all Net-SNMP > features?
>From what I know OpenSSL is available through Homebrew or Macports--among >others. Apple doesn't seem to provide OpenSSL by themselves. So doing that >should upgrade openssl provided the package info for the package manager has >been done too. > Regarding your pull request: I'd like to avoid adding > AC_CHECK_HEADERS() calls in config_project_with_enable because whether > or not these succeed depend on the compiler flags (-I) and some compiler > flags are only set at a later phase. I agree that placing the AC_CHECK_HEADERS() where it is _not_ the best place for it as it assumes that --with-ssl always occurs before --enable-blumenthal-aes. I suspect that if the --with-ssl code is moved after that the AC_CHECK_HEADERS will always fail. I felt that placing it there would be a good starting point; and I figured someone with more experience with the codebase will tell me where it should go as a rule-of-thumb for the project. I feel the best solution would be to remove the typecasts going on inside sc_get_openssl_hashfn(). It seems to me that having these typecasts there is triggering the implicit declaration of EVP_sha512() that lead to the crash we both encountered. However, I don't want testing the "best" solution to block 5.8 release. > > Thanks, > > Bart. -- Thanks, Keith (pantherse) ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
