NET-SNMP version: 5.9.4

net-snmp-config --config-options
'--with-security-modules=tsm' '--with-transports=TLSTCP,DTLSUDP' '--with-mib-modules=tsm-mib'

OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.4.0 22 Oct 2024)

OS
Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 5.15.167.4-microsoft-standard-WSL2 x86_64)

Relevant config lines

snmpd.conf - No snmp.conf used

agentaddress tlstcp:1161

# certificate local defines the default X.509 public key to use as the server's identity (man pgs Ubuntu snmpd.conf)
[snmp] localCert /usr/local/share/snmp/tls/certs/snmpd.crt

# certificate common name danderson e.g. CN = danderson
# /usr/local/share/snmp/tls/certs/manager.crt: SHA1 Fingerprint=4A:DB:1F:38:C8:59:E9:09:58:DF:CC:4A:5F:30:39:4A:53:FB:31:98
certSecName 10 4A:DB:1F:38:C8:59:E9:09:58:DF:CC:4A:5F:30:39:4A:53:FB:31:98 --cn

# SNMP v3 user. Security model -s
rwuser -s tsm danderson auth

Output from snmpd using:

sudo /usr/local/sbin/snmpd -f -Lo -Dcert -C -c snmpd.conf

---->snip<---
cert:dump: ------------------------ End ----------------------
cert:util:config: parsing 10 4A:DB:1F:38:C8:59:E9:09:58:DF:CC:4A:5F:30:39:4A:53:FB:31:98 --cn
cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint 0x7ffd493e92d0
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint 0x7ffd493e92d0
cert:find:params: hint = 4A:DB:1F:38:C8:59:E9:09:58:DF:CC:4A:5F:30:39:4A:53:FB:31:98
cert:find:found: using cert manager.crt / 4adb1f38c859e90958dfcc4a5f30394a53fb3198 for remote_peer(2) (uses=identity+remote_peer (3))
cert:find:found: using cert manager.crt / 4adb1f38c859e90958dfcc4a5f30394a53fb3198 for remote_peer(2) (uses=identity+remote_peer (3))
cert:map:add: pri 10, fp 4adb1f38c859e90958dfcc4a5f30394a53fb3198
cert:find:params: looking for identity(1) in DEFAULT(0x0), hint (nil)
cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint 0x5573fdf68c60
cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint 0x5573fdf68c60
cert:find:params: hint = /usr/local/share/snmp/tls/certs/snmpd.crt
cert:find:params: looking for identity(1) in FILE(0x1), hint 0x5573fdf68c60
cert:find:params: hint = /usr/local/share/snmp/tls/certs/snmpd.crt
error finding server identity keys

I have tested the certificates/keys using:

sudo openssl s_server -cert /usr/local/share/snmp/tls/certs/snmpd.crt -key /usr/local/share/snmp/tls/private/snmpd.key -CAfile /usr/local/share/snmp/tls/ca-certs/ca.snmp.dev.crt -accept 1161 -tls1_2 -www

sudo openssl s_client -connect 127.0.0.1:1161 -tls1_2 -CAfile /usr/local/share/snmp/tls/ca-certs/ca.snmp.dev.crt -cert /usr/local/share/snmp/tls/certs/manager.crt -key /usr/local/share/snmp/tls/private/manager.key

All good with the certificates generated using *net-snmp-cert*.

This error appears a number of times in the net-snmp mailing list archives - without any obvious explanation or fix.

If this is a: "well you're not running on a native Linux machine" problem then it would be really helpful to have it fixed, since Linux is being run more often than ever on Windows machines.

I have found the code references and could possibly recompile with additional debug lines. But I was hoping someone may have an easier solution.

Regards
David Anderson
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
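An added triage example, not part of the original message and not net-snmp code: it groups the `-Dcert` lines quoted in the post by certificate usage and reports which usages were searched for but never produced a `cert:find:found` line. The regular expressions and the helper names (`summarize`, `unresolved`, `fp_confirmed`) are assumptions inferred only from the log lines shown above.

```python
import re

# Debug lines copied (abridged) from the post's -Dcert output. The patterns
# below are inferred from these lines only, not from the net-snmp source.
SAMPLE = """\
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint 0x7ffd493e92d0
cert:find:params: hint = 4A:DB:1F:38:C8:59:E9:09:58:DF:CC:4A:5F:30:39:4A:53:FB:31:98
cert:find:found: using cert manager.crt / 4adb1f38c859e90958dfcc4a5f30394a53fb3198 for remote_peer(2) (uses=identity+remote_peer (3))
cert:find:params: looking for identity(1) in DEFAULT(0x0), hint (nil)
cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint 0x5573fdf68c60
cert:find:params: hint = /usr/local/share/snmp/tls/certs/snmpd.crt
cert:find:params: looking for identity(1) in FILE(0x1), hint 0x5573fdf68c60
cert:find:params: hint = /usr/local/share/snmp/tls/certs/snmpd.crt
error finding server identity keys
"""

LOOK = re.compile(r"cert:find:params: looking for (\w+)\(\d+\) in (\w+)\(")
HINT = re.compile(r"cert:find:params: hint = (\S+)")
FOUND = re.compile(r"cert:find:found: using cert (\S+) / ([0-9a-f]+) for (\w+)\(")

def _entry(out, usage):
    """Get or create the record for one certificate usage (identity, remote_peer)."""
    return out.setdefault(usage, {"tried": [], "hints": set(), "found": set()})

def summarize(log):
    """Map each usage to the lookup methods tried, the hints given, and certs found."""
    out, cur = {}, None
    for line in log.splitlines():
        if m := LOOK.search(line):
            cur = _entry(out, m.group(1))
            cur["tried"].append(m.group(2))
        elif (m := HINT.search(line)) and cur is not None:
            cur["hints"].add(m.group(1))
        elif m := FOUND.search(line):
            _entry(out, m.group(3))["found"].add((m.group(1), m.group(2)))
    return out

def unresolved(log):
    """Usages that were looked up but never followed by a cert:find:found line."""
    return sorted(u for u, e in summarize(log).items() if e["tried"] and not e["found"])

def fp_confirmed(entry):
    """True if a colon-separated fingerprint hint equals a found cert's fingerprint."""
    return any(h.replace(":", "").lower() == fp for h in entry["hints"] for _, fp in entry["found"])

if __name__ == "__main__":
    for usage, e in summarize(SAMPLE).items():
        print(usage, e["tried"], sorted(e["hints"]), sorted(e["found"]), fp_confirmed(e))
    print("no cert found for:", unresolved(SAMPLE))
```

On the quoted output this shows the `remote_peer` lookup resolving by fingerprint to manager.crt, while the `identity` lookup tries every method with the snmpd.crt path as its hint and never reports a match.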