Well, for the compat functions that snmpusm needs, we need +#include <string.h> +#include <openssl/dh.h>
which is easy if we naively assume that the headers are protected against
multi-inclusion. And there are more compat functions in this file, that
need more headers to build, that snmpusm doesn't. Some errors:
snmp_openssl.c: In function 'ASN1_STRING_get0_data':
snmp_openssl.c:984:13: error: dereferencing pointer to incomplete type
'ASN1_STRING {aka const struct asn1_string_st}'
return x->data;
^
snmp_openssl.c: At top level:
snmp_openssl.c:1014:7: error: unknown type name 'SSL_METHOD'
const SSL_METHOD *TLS_method(void)
^
snmp_openssl.c: In function 'TLS_method':
snmp_openssl.c:1016:12: warning: implicit declaration of function
'TLSv1_method' [-Wimplicit-function-declaration]
return TLSv1_method();
^
snmp_openssl.c:1016:12: warning: return makes pointer from integer without
a cast [-Wint-conversion]
snmp_openssl.c: In function 'ASN1_STRING_get0_data':
snmp_openssl.c:985:1: warning: control reaches end of non-void function
[-Wreturn-type]
}
^
I've attached a patch that at least compiles that pulls the compat
functions that snmpusm needs into the new #if, dunno if you have a better
idea. I haven't tested it with TLS transports.
Bill
On Tue, Dec 19, 2017 at 8:53 PM, Bart Van Assche <[email protected]> wrote:
> On 12/19/17 10:36, Bill Fenner wrote:
> > snmplib/netsnmp-openssl.c is not built unless HAVE_LIBSSL is defined,
> > which is only defined if the TLS transports are used. After the removal
> > of the compat functions from apps/snmpusm.c, if you build with only USM
> > transports, there is nothing to provide the DH_get0_pqg compatibility
> > function.
>
> How about something like the patch below?
>
> Thanks,
>
> Bart.
>
> ---
> snmplib/snmp_openssl.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
> index f44449077d1b..545f5a89bf64 100644
> --- a/snmplib/snmp_openssl.c
> +++ b/snmplib/snmp_openssl.c
> @@ -915,6 +915,9 @@ netsnmp_openssl_null_checks(SSL *ssl, int *null_auth,
> int *null_cipher)
> }
> }
> }
> +#endif /* NETSNMP_USE_OPENSSL && HAVE_LIBSSL &&
> !defined(NETSNMP_FEATURE_REMOVE_CERT_UTIL)
> */
> +
> +#if defined(NETSNMP_USE_OPENSSL) || defined(HAVE_LIBCRYPTO)
>
> #ifndef HAVE_DH_SET0_PQG
> int
> @@ -1018,4 +1021,4 @@ const SSL_METHOD *DTLS_method(void)
> }
> #endif
>
> -#endif /* NETSNMP_USE_OPENSSL && HAVE_LIBSSL &&
> !defined(NETSNMP_FEATURE_REMOVE_CERT_UTIL)
> */
> +#endif /* defined(NETSNMP_USE_OPENSSL) || defined(HAVE_LIBCRYPTO) */
> --
> 2.15.1
>
>
net-snmp-5.8-openssl-helpers-dont-have-libssl.patch
Description: Binary data
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
