> ...
> > How can I prove that snmpd has SSL build in?
>
> Ummmm...
>
> a) Try
> snmpget .... UCD-SNMP-MIB::versionConfigureOptions.0
>
> That won't say explicitly, but will indicate how the suite was
> configured (which may indicate if it either turned on or turned off
> use of OpenSSL).
I get:
UCD-SNMP-MIB::versionConfigureOptions.0 = STRING: "'--prefix=/usr'
'--target=powerpc-linux' '--host=powerpc-linux' '--build=i386-pc-linux'
'--with-endianness=big' '--with-cc=powerpc-linux-gcc' '--with-ar=powerpc-linux-ar'
'--with-install-prefix=/IPm' '--with-cflags=-O2' '--disable-applications'
'--disable-scripts' '--with-sys-location=<Set location of switch>'
'--with-sys-contact=<Set name (and e-mail) of contact for switch>'
'--with-logfile=/var/log/snmpd.log' '--with-default-snmp-version=3'
'--with-persistent-directory=/var/net-snmp' 'build_alias=i386-pc-linux'
'host_alias=powerpc-linux' 'target_alias=powerpc-linux'"
Which _doesn't_ include ssl explicityly but does include SNMPv3
(--with-default-snmp-version=3). It seems that the configure script should either
include SSL or complain if v3 is enabled and SSL isn't included.
> b) ldd snmpd
>
> That will show you which libraries are being linked to - any mention
> of 'libcrypto' or something similar would tend to indicate that it
> should support encrption
Alas, ldd isn't available on my target and ldd on the system where I cross-build
doesn't seem to recognize the foreign binary as a program:
$ ldd snmpd
not a dynamic executable
$ file snmpd
snmpd: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1, dynamically
linked (uses shared libs), stripped
> c) nm snmpd | grep -i encrypt
$ nm snmpd
nm: snmpd: no symbols
> ...
> d) strings snmpd | grep -i encrypt
> strings libnetsnmp.a | grep -i encrypt
That seems telling:
$ strings libnetsnmp.so.5.1.1 | grep -i encrypt
sc_encrypt
USM encryption error
Encryption support not enabled.
sc_encrypt
Encrypt function not defined.
Encryption successful.
couldn't malloc %d bytes for encrypted PDU
encrypted sPDU
Failed while parsing encrypted sPDU.
> If either of these include the message
> "Encryption support not enabled"
> (or similar) then you're out of luck.
> (or at least would need to reconfigure/recompile)
OK. I'll rebuild and see what I see.
> Though in fact, the remote agent should probably be logging this
> anyway.
Yeah, that would be helpful.
> It might also be worth running the remote agent with '-Dscapi'
> and seeing what the debug output says.
If rebuilding doesn't work...
> A few things for you to try, anyway.
Thanks.
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
