Hi Owen, OK, I think I know what happened, I was checking a different branch. No idea why the build system says it is building with them when it's not. Your patch is fine, I'll add that in shortly.
- Craig On Tue, 27 Oct 2020 at 10:18, Craig Small <csm...@debian.org> wrote: > On Tue, 27 Oct 2020 at 07:42, Owen Evans <oev...@sciencelogic.com> wrote: > >> Package: snmp >> Version: 5.9+dfsg-3-silo >> > This isn't a valid Debian version. > > Blumenthal AES, in spite of being a 'draft' part of the SNMP Standard, >> is becoming widely implemented by many vendors. It is the main way to >> have strong encryption in connection with SNMPv3. Debian should include >> the --enable-blumenthal-aes option added around line 53 of debian/rules >> so that it is used when invoking the ./configure script from the >> upstream source package. >> > Are you sure the Debian packages don't already have this enabled? > > Also, that flag doesn't exist in 5.9 of net-snmp > ./configure --enable-blumenthal-aes > configure: WARNING: unrecognized options: --enable-blumenthal-aes > > The draft standard seems to be all about enabling AES, or as the draft > states: > 1)Provide a set of new privacy protocols for USM based on the > Advanced Encryption Standard. > > Output of the build system shows AES is actually there: > > Crypto support from: crypto > Authentication support: MD5 SHA1 SHA224 SHA256 SHA384 SHA512 > Encryption support: DES AES AES128 AES192 AES192C AES256 AES256C > > So I'm a bit confused about what is not enabled and why your configure > option works. > The --with-openssl and having openssl 0.9.7 or later will do it. > > - Craig > >