Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)

2018-05-03 Thread Keith Mendoza 
Dave,

On Thu, May 3, 2018, at 2:02 PM, Dave C wrote:
> Thanks, you solved my problem but with the path as /usr/local where I had
> installed openssl to.

Glad I could help. Since you said you were running Raspbian I assumed that you 
used the OpenSSL Debian packages which usually installs in /usr.

> 
> 
> I'll probably have to stick with  5.7.3 for production for now (on Pi
> Compute Module) but seeing as you did me a favour I thought I would give
> 5.8 pre3 a spin for you. Perhaps I'm the first as I just got the release
> notice this morning.
> 
> All worked fine no issues to report, basic tests of my AgentX daemon (still
> compiled against 5.7.3) works.

Appreciate the feedback. I know the dev team would like it to be tested on as 
many hardware/OS platforms as possible.

> 
> 
> ./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl
> > --disable-perl-cc-checks --without-perl-modules --with-openssl=/usr/local
> 
> 
> 
> -
> > Net-SNMP configuration summary:
> > -
> >   SNMP Versions Supported:1 2c 3
> >   Building for:   linux
> >   Net-SNMP Version:   5.8.pre3
> >   Network transport support:  Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6
> > IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
> >   SNMPv3 Security Modules: usm
> >   Agent MIB code:default_modules =>  snmpv3mibs mibII ucd_snmp
> > notification notification-log-mib target agent_mibs agentx disman/event
> > disman/schedule utilities host
> >   MYSQL Trap Logging: unavailable
> >   Embedded Perl support:  disabled
> >   SNMP Perl modules:  disabled
> >   SNMP Python modules:disabled
> >   Crypto support from:crypto
> >   Authentication support: MD5 SHA1 SHA512 SHA384 SHA256 SHA192
> >   Encryption support: DES AES
> >   Local DNSSEC validation:disabled
> > -
> 
> 
> 
> root@raspberrypi:~# snmpd --version
> > NET-SNMP version:  5.8.pre3
> > Web:   http://www.net-snmp.org/
> > Email: net-snmp-coders@lists.sourceforge.net
> > root@raspberrypi:~# Hello from Pi-land
> 
> 
> 
> 
> 
> On Fri, May 4, 2018 at 1:17 AM, Keith Mendoza  wrote:
> 
> > Dave,
> > Try adding --with-openssl=/usr in the call to configure on your raspberry
> > pi. If you're brave you can also try 5.8pre3  from
> > https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/
> >
> > --
> > Thanks,
> > Keith (pantherse)
> >
> > On Wed, May 2, 2018, at 7:04 PM, Dave C wrote:
> > > I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4
> > > stretch.
> > >
> > > The default packages are OpenSSL 1.1.0f  25 May 2017, libssl-dev
> > > 1.1.0f-3+deb9u2.
> > >
> > > I configure net-snmp like so,
> > >
> > > ./configure --with-defaults --with-ldflags=-Bstatic
> > --disable-embedded-perl
> > > --disable-perl-cc-checks --without-perl-modules
> > >
> > > And get this config output..
> > >
> > > > -
> > > > Net-SNMP configuration summary:
> > > > -
> > > >   SNMP Versions Supported:1 2c 3
> > > >   Building for:   linux
> > > >   Net-SNMP Version:   5.7.3
> > > >   Network transport support:  Callback Unix Alias TCP UDP IPv4Base
> > > > SocketBase TCPBase UDPIPv4Base UDPBase
> > > >   SNMPv3 Security Modules: usm
> > > >   Agent MIB code:default_modules =>  snmpv3mibs mibII
> > ucd_snmp
> > > > notification notification-log-mib target agent_mibs agentx disman/event
> > > > disman/schedule utilities host
> > > >   MYSQL Trap Logging: unavailable
> > > >   Embedded Perl support:  disabled
> > > >   SNMP Perl modules:  disabled
> > > >   SNMP Python modules:disabled
> > > >   Crypto support from:crypto/ internal ??
> > > >   Authentication support: MD5 SHA1
> > > >   Encryption support: DES AES
> > > >   Local DNSSEC validation:disabled
> > >
> > >
> > > However make dies at this point.
> > >
> > > /bin/bash ../libtool  --mode=compile gcc -I../include -I.
> > > >  -I../snmplib  -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux  -c -o
> > > > keytools.lo keytools.c
> > > > libtool: compile:  gcc -I../include -I. -I../snmplib
> > -fno-strict-aliasing
> > > > -g -O2 -Ulinux -Dlinux=linux -c keytools.c  -fPIC -DPIC -o
> > .libs/keytools.o
> > > > keytools.c: In function 'generate_Ku':
> > > > keytools.c:155:25: error: dereferencing pointer to incomplete type
> > > > 'EVP_MD_CTX {aka struct evp_md_ctx_st}'
> > > >  ctx = malloc(sizeof(*ctx));
> > > >  ^~~~
> > > > keytools.c:265:9: warning: implicit declaration of function
> > > > 'EVP_MD_CTX_cleanup'

Re: 5.8 testing status

2018-05-03 Thread Robert Story 
On Thu, 3 May 2018 14:32:40 -0400 Bill wrote:
BF> > On Wed, 2 May 2018 11:08:44 -0400 Bill wrote:  
BF> > BF> I just filed
BF> > BF> https://sourceforge.net/p/net-snmp/bugs/2864/ :
BF> > BF> "clientaddr" doesn't work to set the source address for
BF> > BF> traps any more.  (And given that the code path is the
BF> > BF> same, I suspect it doesn't work for client requests
BF> > BF> either).  This is a regression against 5.7.3; that code
BF> > BF> has been restructured so it's not surprising that
BF> > BF> something has changed.
BF> >
BF> > I think the fix you found looks right. Does it work in your
BF> > testing?  
BF> 
BF> Yes, and v6 needs the same fix, and it looks like there are
BF> other calls to the address parsers that make the wrong
BF> assumption about the return value. I have an idea about adding
BF> tests for traps, so that we could test "clientaddr" and the
BF> "trapsink" family of session creations with their "-s"
BF> arguments, but I don't know how to invoke the other
BF> mechanisms.  Although, maybe a unit test would be better for
BF> this, to invoke the transport creation with clientaddr set, or
BF> with seession.localaddr set, or by setting ->source in the
BF> transport config, and making sure that the expected value is
BF> filled in in the returned session.

I'm probably not going to hold up rc1 for this, but fixing other
address parsers handling of the return code is something I'd vote
for allowing after rc1.

Robert

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: RFC: "-@" command line argument to set clientaddr per request/session

2018-05-03 Thread Robert Story 
On Thu, 3 May 2018 14:29:09 -0400 Bill wrote:
BF> On Thu, May 3, 2018 at 1:07 PM, Robert Story
BF>  wrote:
BF> Depends on at what level you are looking at the functionality.
BF> -@ would set session.localaddr, which is a little different
BF> than setting clientaddr.

Can you be more specific about the difference? I don't see a
localaddr field in the netsnmp_session structure.

I'm inclined to say it's too late, it being the day before rc1, and
it mainly being a feature for testing. I like the idea of unit
tests (mentioned in another thread).

Robert

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Net-SNMP 5.8.pre3 available

2018-05-03 Thread Robert Story 
On Thu, 3 May 2018 21:48:50 +0100 Stuart wrote:
SH> On 2018-04-27, Robert Story  wrote:
SH> > We're closing in on a final release. The current plan is to
SH> > have release candidate 1 next week.  
SH> 
SH> Is it planned to address
SH> https://sourceforge.net/p/net-snmp/bugs/2831/ before release or
SH> are distro packagers going to need to patch the other programs
SH> to cope?

Thank you for bringing this to my attention. I will look into this.

Robert

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)

2018-05-03 Thread Dave C 
Thanks, you solved my problem but with the path as /usr/local where I had
installed openssl to.


I'll probably have to stick with  5.7.3 for production for now (on Pi
Compute Module) but seeing as you did me a favour I thought I would give
5.8 pre3 a spin for you. Perhaps I'm the first as I just got the release
notice this morning.

All worked fine no issues to report, basic tests of my AgentX daemon (still
compiled against 5.7.3) works.


./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl
> --disable-perl-cc-checks --without-perl-modules --with-openssl=/usr/local



-
> Net-SNMP configuration summary:
> -
>   SNMP Versions Supported:1 2c 3
>   Building for:   linux
>   Net-SNMP Version:   5.8.pre3
>   Network transport support:  Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6
> IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
>   SNMPv3 Security Modules: usm
>   Agent MIB code:default_modules =>  snmpv3mibs mibII ucd_snmp
> notification notification-log-mib target agent_mibs agentx disman/event
> disman/schedule utilities host
>   MYSQL Trap Logging: unavailable
>   Embedded Perl support:  disabled
>   SNMP Perl modules:  disabled
>   SNMP Python modules:disabled
>   Crypto support from:crypto
>   Authentication support: MD5 SHA1 SHA512 SHA384 SHA256 SHA192
>   Encryption support: DES AES
>   Local DNSSEC validation:disabled
> -



root@raspberrypi:~# snmpd --version
> NET-SNMP version:  5.8.pre3
> Web:   http://www.net-snmp.org/
> Email: net-snmp-coders@lists.sourceforge.net
> root@raspberrypi:~# Hello from Pi-land





On Fri, May 4, 2018 at 1:17 AM, Keith Mendoza  wrote:

> Dave,
> Try adding --with-openssl=/usr in the call to configure on your raspberry
> pi. If you're brave you can also try 5.8pre3  from
> https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/
>
> --
> Thanks,
> Keith (pantherse)
>
> On Wed, May 2, 2018, at 7:04 PM, Dave C wrote:
> > I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4
> > stretch.
> >
> > The default packages are OpenSSL 1.1.0f  25 May 2017, libssl-dev
> > 1.1.0f-3+deb9u2.
> >
> > I configure net-snmp like so,
> >
> > ./configure --with-defaults --with-ldflags=-Bstatic
> --disable-embedded-perl
> > --disable-perl-cc-checks --without-perl-modules
> >
> > And get this config output..
> >
> > > -
> > > Net-SNMP configuration summary:
> > > -
> > >   SNMP Versions Supported:1 2c 3
> > >   Building for:   linux
> > >   Net-SNMP Version:   5.7.3
> > >   Network transport support:  Callback Unix Alias TCP UDP IPv4Base
> > > SocketBase TCPBase UDPIPv4Base UDPBase
> > >   SNMPv3 Security Modules: usm
> > >   Agent MIB code:default_modules =>  snmpv3mibs mibII
> ucd_snmp
> > > notification notification-log-mib target agent_mibs agentx disman/event
> > > disman/schedule utilities host
> > >   MYSQL Trap Logging: unavailable
> > >   Embedded Perl support:  disabled
> > >   SNMP Perl modules:  disabled
> > >   SNMP Python modules:disabled
> > >   Crypto support from:crypto/ internal ??
> > >   Authentication support: MD5 SHA1
> > >   Encryption support: DES AES
> > >   Local DNSSEC validation:disabled
> >
> >
> > However make dies at this point.
> >
> > /bin/bash ../libtool  --mode=compile gcc -I../include -I.
> > >  -I../snmplib  -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux  -c -o
> > > keytools.lo keytools.c
> > > libtool: compile:  gcc -I../include -I. -I../snmplib
> -fno-strict-aliasing
> > > -g -O2 -Ulinux -Dlinux=linux -c keytools.c  -fPIC -DPIC -o
> .libs/keytools.o
> > > keytools.c: In function 'generate_Ku':
> > > keytools.c:155:25: error: dereferencing pointer to incomplete type
> > > 'EVP_MD_CTX {aka struct evp_md_ctx_st}'
> > >  ctx = malloc(sizeof(*ctx));
> > >  ^~~~
> > > keytools.c:265:9: warning: implicit declaration of function
> > > 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration]
> > >  EVP_MD_CTX_cleanup(ctx);
> > >  ^~
> > > Makefile:98: recipe for target 'keytools.lo' failed
> > > make[1]: *** [keytools.lo] Error 1
> > > make[1]: Leaving directory '/root/net-snmp-5.7.3/snmplib'
> > > Makefile:656: recipe for target 'subdirs' failed
> > > make: *** [subdirs] Error 1
> >
> >
> > So the first question is what's wrong with the above ?
> >
> >
> > I have an Ubuntu box where I build net-snmp fine with crypo, it runs
> > OpenSSL 1.0.2g so I downgraded the Raspbery PI to 1.0.2o
> >
> > apt-get

Re: Net-SNMP 5.8.pre3 available

2018-05-03 Thread Stuart Henderson 
On 2018-04-27, Robert Story  wrote:
> We're closing in on a final release. The current plan is to have
> release candidate 1 next week.

Is it planned to address https://sourceforge.net/p/net-snmp/bugs/2831/
before release or are distro packagers going to need to patch the other
programs to cope?

Thanks.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: 5.8 testing status

2018-05-03 Thread Bill Fenner 
On Thu, May 3, 2018 at 12:53 PM, Robert Story  wrote:

> On Wed, 2 May 2018 11:08:44 -0400 Bill wrote:
> BF> I just filed https://sourceforge.net/p/net-snmp/bugs/2864/ :
> BF> "clientaddr" doesn't work to set the source address for traps
> BF> any more.  (And given that the code path is the same, I suspect
> BF> it doesn't work for client requests either).  This is a
> BF> regression against 5.7.3; that code has been restructured so
> BF> it's not surprising that something has changed.
> BF>
> BF> I poked around a little and couldn't find a smoking gun.  This
> BF> is a showstopper for my application: we can't use 5.8 as is
> BF> with this bug - but that doesn't necessarily mean that the
> BF> project can't go ahead with the release, there are other needs
> BF> than mine.
>
> I think the fix you found looks right. Does it work in your testing?


Yes, and v6 needs the same fix, and it looks like there are other calls to
the address parsers that make the wrong assumption about the return value.
I have an idea about adding tests for traps, so that we could test
"clientaddr" and the "trapsink" family of session creations with their "-s"
arguments, but I don't know how to invoke the other mechanisms.  Although,
maybe a unit test would be better for this, to invoke the transport
creation with clientaddr set, or with seession.localaddr set, or by setting
->source in the transport config, and making sure that the expected value
is filled in in the returned session.

  Bill
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: RFC: "-@" command line argument to set clientaddr per request/session

2018-05-03 Thread Bill Fenner 
On Thu, May 3, 2018 at 1:07 PM, Robert Story  wrote:

> On Wed, 2 May 2018 11:49:46 -0400 Bill wrote:
> BF> Is it too late to add this? This occurs to me just because it’s
> BF> an easier way to test the transports’ support of clientaddr, by
> BF> being able to set clientaddr dynamically via the command line,
> BF> and I just noticed that this is broken in 5.8.
>
> This would duplicate functionality.. Pretty much any config option
> can be set on the command line using '--TOKEN-VALUE'. e.g.
>
>
>  snmpget [...] --clientaddr=192.168.1.111 [...]
>

Depends on at what level you are looking at the functionality.  -@ would
set session.localaddr, which is a little different than setting
clientaddr.  In the sense of "how does my request look" when focusing on
the snmpget invocation, it's the same.  In the sense of "how do I set the
local source for a trapsess", it's different.

Since the v1/v2 trap sink commands have gained a "-s" argument, it might be
better to call this "-s" too instead of "-@".

  Bill
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: RFC: "-@" command line argument to set clientaddr per request/session

2018-05-03 Thread Robert Story 
On Wed, 2 May 2018 11:49:46 -0400 Bill wrote:
BF> Is it too late to add this? This occurs to me just because it’s
BF> an easier way to test the transports’ support of clientaddr, by
BF> being able to set clientaddr dynamically via the command line,
BF> and I just noticed that this is broken in 5.8.

This would duplicate functionality.. Pretty much any config option
can be set on the command line using '--TOKEN-VALUE'. e.g.


 snmpget [...] --clientaddr=192.168.1.111 [...]


Robert

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: 5.8 testing status

2018-05-03 Thread Robert Story 
On Wed, 2 May 2018 11:08:44 -0400 Bill wrote:
BF> I just filed https://sourceforge.net/p/net-snmp/bugs/2864/ :
BF> "clientaddr" doesn't work to set the source address for traps
BF> any more.  (And given that the code path is the same, I suspect
BF> it doesn't work for client requests either).  This is a
BF> regression against 5.7.3; that code has been restructured so
BF> it's not surprising that something has changed.
BF> 
BF> I poked around a little and couldn't find a smoking gun.  This
BF> is a showstopper for my application: we can't use 5.8 as is
BF> with this bug - but that doesn't necessarily mean that the
BF> project can't go ahead with the release, there are other needs
BF> than mine.

I think the fix you found looks right. Does it work in your testing?

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)

2018-05-03 Thread Keith Mendoza 
Dave,
Try adding --with-openssl=/usr in the call to configure on your raspberry pi. 
If you're brave you can also try 5.8pre3  from 
https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/

-- 
Thanks,
Keith (pantherse)

On Wed, May 2, 2018, at 7:04 PM, Dave C wrote:
> I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4
> stretch.
> 
> The default packages are OpenSSL 1.1.0f  25 May 2017, libssl-dev
> 1.1.0f-3+deb9u2.
> 
> I configure net-snmp like so,
> 
> ./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl
> --disable-perl-cc-checks --without-perl-modules
> 
> And get this config output..
> 
> > -
> > Net-SNMP configuration summary:
> > -
> >   SNMP Versions Supported:1 2c 3
> >   Building for:   linux
> >   Net-SNMP Version:   5.7.3
> >   Network transport support:  Callback Unix Alias TCP UDP IPv4Base
> > SocketBase TCPBase UDPIPv4Base UDPBase
> >   SNMPv3 Security Modules: usm
> >   Agent MIB code:default_modules =>  snmpv3mibs mibII ucd_snmp
> > notification notification-log-mib target agent_mibs agentx disman/event
> > disman/schedule utilities host
> >   MYSQL Trap Logging: unavailable
> >   Embedded Perl support:  disabled
> >   SNMP Perl modules:  disabled
> >   SNMP Python modules:disabled
> >   Crypto support from:crypto/ internal ??
> >   Authentication support: MD5 SHA1
> >   Encryption support: DES AES
> >   Local DNSSEC validation:disabled
> 
> 
> However make dies at this point.
> 
> /bin/bash ../libtool  --mode=compile gcc -I../include -I.
> >  -I../snmplib  -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux  -c -o
> > keytools.lo keytools.c
> > libtool: compile:  gcc -I../include -I. -I../snmplib -fno-strict-aliasing
> > -g -O2 -Ulinux -Dlinux=linux -c keytools.c  -fPIC -DPIC -o .libs/keytools.o
> > keytools.c: In function 'generate_Ku':
> > keytools.c:155:25: error: dereferencing pointer to incomplete type
> > 'EVP_MD_CTX {aka struct evp_md_ctx_st}'
> >  ctx = malloc(sizeof(*ctx));
> >  ^~~~
> > keytools.c:265:9: warning: implicit declaration of function
> > 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration]
> >  EVP_MD_CTX_cleanup(ctx);
> >  ^~
> > Makefile:98: recipe for target 'keytools.lo' failed
> > make[1]: *** [keytools.lo] Error 1
> > make[1]: Leaving directory '/root/net-snmp-5.7.3/snmplib'
> > Makefile:656: recipe for target 'subdirs' failed
> > make: *** [subdirs] Error 1
> 
> 
> So the first question is what's wrong with the above ?
> 
> 
> I have an Ubuntu box where I build net-snmp fine with crypo, it runs
> OpenSSL 1.0.2g so I downgraded the Raspbery PI to 1.0.2o
> 
> apt-get remove openssl
> > apt-get remove libssl-dev
> > cd ~
> > wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz
> > cd openssl...
> > ./config --prefix=/usr/local --openssldir=/usr/local/openssl shared
> > make
> > make install
> > ldconfig
> > ldd $(which openssl)
> > linux-vdso.so.1 (0x7ee91000)
> > /usr/lib/arm-linux-gnueabihf/libarmmem.so (0x76f09000)
> > libssl.so.1.0.0 => /usr/local/lib/libssl.so.1.0.0 (0x76ea4000)
> > libcrypto.so.1.0.0 => /usr/local/lib/libcrypto.so.1.0.0
> > (0x76d17000)
> > libdl.so.2 => /lib/arm-linux-gnueabihf/libdl.so.2 (0x76d04000)
> > libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0x76bc5000)
> > /lib/ld-linux-armhf.so.3 (0x76f1f000)
> >
> 
> Everything seems fine but now the configuration summary shows only "Crypto
> support from: Internal"
> 
> I looked at the configure script to see how it tests for OpenSSL support
> and replicated that
> 
> #include 
> > char EVP_md5 ();
> > int main(int argc, char *argv[]) {
> >   return EVP_md5 ();
> >   ;
> >   return 0;
> > }
> 
> 
> When I build that I get the following error showing that the EVP_md5 is
> accessible and the crypto library is installed.
> 
> # gcc t.c -lcrypto
> > t.c:3:6: error: conflicting types for ‘EVP_md5’
> >  char EVP_md5 ();
> >   ^~~
> > In file included from /usr/local/include/openssl/x509.h:73:0,
> >  from /usr/local/include/openssl/ssl.h:156,
> >  from t.c:1:
> > /usr/local/include/openssl/evp.h:716:15: note: previous declaration of
> > ‘EVP_md5’ was here
> >  const EVP_MD *EVP_md5(void);
> >^~~
> 
> 
> 
> I'm not sure if that's the exact test that the configure script is doing
> but it's just not detecting
> 
> I hacked the configure script to force CRYPTO="crypto" but then compilation
> fails elsewhere so I assume I actually have installed OpenSSL incorrectly.
> 
> But ether-way I would prefer to fix the first problem above and link
> to  libssl-dev
> 1.1.0f
> 
> Thanks
>