Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)
Dave, On Thu, May 3, 2018, at 2:02 PM, Dave C wrote: > Thanks, you solved my problem but with the path as /usr/local where I had > installed openssl to. Glad I could help. Since you said you were running Raspbian I assumed that you used the OpenSSL Debian packages which usually installs in /usr. > > > I'll probably have to stick with 5.7.3 for production for now (on Pi > Compute Module) but seeing as you did me a favour I thought I would give > 5.8 pre3 a spin for you. Perhaps I'm the first as I just got the release > notice this morning. > > All worked fine no issues to report, basic tests of my AgentX daemon (still > compiled against 5.7.3) works. Appreciate the feedback. I know the dev team would like it to be tested on as many hardware/OS platforms as possible. > > > ./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl > > --disable-perl-cc-checks --without-perl-modules --with-openssl=/usr/local > > > > - > > Net-SNMP configuration summary: > > - > > SNMP Versions Supported:1 2c 3 > > Building for: linux > > Net-SNMP Version: 5.8.pre3 > > Network transport support: Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6 > > IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base > > SNMPv3 Security Modules: usm > > Agent MIB code:default_modules => snmpv3mibs mibII ucd_snmp > > notification notification-log-mib target agent_mibs agentx disman/event > > disman/schedule utilities host > > MYSQL Trap Logging: unavailable > > Embedded Perl support: disabled > > SNMP Perl modules: disabled > > SNMP Python modules:disabled > > Crypto support from:crypto > > Authentication support: MD5 SHA1 SHA512 SHA384 SHA256 SHA192 > > Encryption support: DES AES > > Local DNSSEC validation:disabled > > - > > > > root@raspberrypi:~# snmpd --version > > NET-SNMP version: 5.8.pre3 > > Web: http://www.net-snmp.org/ > > Email: net-snmp-coders@lists.sourceforge.net > > root@raspberrypi:~# Hello from Pi-land > > > > > > On Fri, May 4, 2018 at 1:17 AM, Keith Mendozawrote: > > > Dave, > > Try adding --with-openssl=/usr in the call to configure on your raspberry > > pi. If you're brave you can also try 5.8pre3 from > > https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/ > > > > -- > > Thanks, > > Keith (pantherse) > > > > On Wed, May 2, 2018, at 7:04 PM, Dave C wrote: > > > I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4 > > > stretch. > > > > > > The default packages are OpenSSL 1.1.0f 25 May 2017, libssl-dev > > > 1.1.0f-3+deb9u2. > > > > > > I configure net-snmp like so, > > > > > > ./configure --with-defaults --with-ldflags=-Bstatic > > --disable-embedded-perl > > > --disable-perl-cc-checks --without-perl-modules > > > > > > And get this config output.. > > > > > > > - > > > > Net-SNMP configuration summary: > > > > - > > > > SNMP Versions Supported:1 2c 3 > > > > Building for: linux > > > > Net-SNMP Version: 5.7.3 > > > > Network transport support: Callback Unix Alias TCP UDP IPv4Base > > > > SocketBase TCPBase UDPIPv4Base UDPBase > > > > SNMPv3 Security Modules: usm > > > > Agent MIB code:default_modules => snmpv3mibs mibII > > ucd_snmp > > > > notification notification-log-mib target agent_mibs agentx disman/event > > > > disman/schedule utilities host > > > > MYSQL Trap Logging: unavailable > > > > Embedded Perl support: disabled > > > > SNMP Perl modules: disabled > > > > SNMP Python modules:disabled > > > > Crypto support from:crypto/ internal ?? > > > > Authentication support: MD5 SHA1 > > > > Encryption support: DES AES > > > > Local DNSSEC validation:disabled > > > > > > > > > However make dies at this point. > > > > > > /bin/bash ../libtool --mode=compile gcc -I../include -I. > > > > -I../snmplib -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux -c -o > > > > keytools.lo keytools.c > > > > libtool: compile: gcc -I../include -I. -I../snmplib > > -fno-strict-aliasing > > > > -g -O2 -Ulinux -Dlinux=linux -c keytools.c -fPIC -DPIC -o > > .libs/keytools.o > > > > keytools.c: In function 'generate_Ku': > > > > keytools.c:155:25: error: dereferencing pointer to incomplete type > > > > 'EVP_MD_CTX {aka struct evp_md_ctx_st}' > > > > ctx = malloc(sizeof(*ctx)); > > > > ^~~~ > > > > keytools.c:265:9: warning: implicit declaration of function > > > > 'EVP_MD_CTX_cleanup'
Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)
Thanks, you solved my problem but with the path as /usr/local where I had installed openssl to. I'll probably have to stick with 5.7.3 for production for now (on Pi Compute Module) but seeing as you did me a favour I thought I would give 5.8 pre3 a spin for you. Perhaps I'm the first as I just got the release notice this morning. All worked fine no issues to report, basic tests of my AgentX daemon (still compiled against 5.7.3) works. ./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl > --disable-perl-cc-checks --without-perl-modules --with-openssl=/usr/local - > Net-SNMP configuration summary: > - > SNMP Versions Supported:1 2c 3 > Building for: linux > Net-SNMP Version: 5.8.pre3 > Network transport support: Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6 > IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base > SNMPv3 Security Modules: usm > Agent MIB code:default_modules => snmpv3mibs mibII ucd_snmp > notification notification-log-mib target agent_mibs agentx disman/event > disman/schedule utilities host > MYSQL Trap Logging: unavailable > Embedded Perl support: disabled > SNMP Perl modules: disabled > SNMP Python modules:disabled > Crypto support from:crypto > Authentication support: MD5 SHA1 SHA512 SHA384 SHA256 SHA192 > Encryption support: DES AES > Local DNSSEC validation:disabled > - root@raspberrypi:~# snmpd --version > NET-SNMP version: 5.8.pre3 > Web: http://www.net-snmp.org/ > Email: net-snmp-coders@lists.sourceforge.net > root@raspberrypi:~# Hello from Pi-land On Fri, May 4, 2018 at 1:17 AM, Keith Mendozawrote: > Dave, > Try adding --with-openssl=/usr in the call to configure on your raspberry > pi. If you're brave you can also try 5.8pre3 from > https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/ > > -- > Thanks, > Keith (pantherse) > > On Wed, May 2, 2018, at 7:04 PM, Dave C wrote: > > I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4 > > stretch. > > > > The default packages are OpenSSL 1.1.0f 25 May 2017, libssl-dev > > 1.1.0f-3+deb9u2. > > > > I configure net-snmp like so, > > > > ./configure --with-defaults --with-ldflags=-Bstatic > --disable-embedded-perl > > --disable-perl-cc-checks --without-perl-modules > > > > And get this config output.. > > > > > - > > > Net-SNMP configuration summary: > > > - > > > SNMP Versions Supported:1 2c 3 > > > Building for: linux > > > Net-SNMP Version: 5.7.3 > > > Network transport support: Callback Unix Alias TCP UDP IPv4Base > > > SocketBase TCPBase UDPIPv4Base UDPBase > > > SNMPv3 Security Modules: usm > > > Agent MIB code:default_modules => snmpv3mibs mibII > ucd_snmp > > > notification notification-log-mib target agent_mibs agentx disman/event > > > disman/schedule utilities host > > > MYSQL Trap Logging: unavailable > > > Embedded Perl support: disabled > > > SNMP Perl modules: disabled > > > SNMP Python modules:disabled > > > Crypto support from:crypto/ internal ?? > > > Authentication support: MD5 SHA1 > > > Encryption support: DES AES > > > Local DNSSEC validation:disabled > > > > > > However make dies at this point. > > > > /bin/bash ../libtool --mode=compile gcc -I../include -I. > > > -I../snmplib -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux -c -o > > > keytools.lo keytools.c > > > libtool: compile: gcc -I../include -I. -I../snmplib > -fno-strict-aliasing > > > -g -O2 -Ulinux -Dlinux=linux -c keytools.c -fPIC -DPIC -o > .libs/keytools.o > > > keytools.c: In function 'generate_Ku': > > > keytools.c:155:25: error: dereferencing pointer to incomplete type > > > 'EVP_MD_CTX {aka struct evp_md_ctx_st}' > > > ctx = malloc(sizeof(*ctx)); > > > ^~~~ > > > keytools.c:265:9: warning: implicit declaration of function > > > 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration] > > > EVP_MD_CTX_cleanup(ctx); > > > ^~ > > > Makefile:98: recipe for target 'keytools.lo' failed > > > make[1]: *** [keytools.lo] Error 1 > > > make[1]: Leaving directory '/root/net-snmp-5.7.3/snmplib' > > > Makefile:656: recipe for target 'subdirs' failed > > > make: *** [subdirs] Error 1 > > > > > > So the first question is what's wrong with the above ? > > > > > > I have an Ubuntu box where I build net-snmp fine with crypo, it runs > > OpenSSL 1.0.2g so I downgraded the Raspbery PI to 1.0.2o > > > > apt-get
Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)
Dave, Try adding --with-openssl=/usr in the call to configure on your raspberry pi. If you're brave you can also try 5.8pre3 from https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/ -- Thanks, Keith (pantherse) On Wed, May 2, 2018, at 7:04 PM, Dave C wrote: > I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4 > stretch. > > The default packages are OpenSSL 1.1.0f 25 May 2017, libssl-dev > 1.1.0f-3+deb9u2. > > I configure net-snmp like so, > > ./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl > --disable-perl-cc-checks --without-perl-modules > > And get this config output.. > > > - > > Net-SNMP configuration summary: > > - > > SNMP Versions Supported:1 2c 3 > > Building for: linux > > Net-SNMP Version: 5.7.3 > > Network transport support: Callback Unix Alias TCP UDP IPv4Base > > SocketBase TCPBase UDPIPv4Base UDPBase > > SNMPv3 Security Modules: usm > > Agent MIB code:default_modules => snmpv3mibs mibII ucd_snmp > > notification notification-log-mib target agent_mibs agentx disman/event > > disman/schedule utilities host > > MYSQL Trap Logging: unavailable > > Embedded Perl support: disabled > > SNMP Perl modules: disabled > > SNMP Python modules:disabled > > Crypto support from:crypto/ internal ?? > > Authentication support: MD5 SHA1 > > Encryption support: DES AES > > Local DNSSEC validation:disabled > > > However make dies at this point. > > /bin/bash ../libtool --mode=compile gcc -I../include -I. > > -I../snmplib -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux -c -o > > keytools.lo keytools.c > > libtool: compile: gcc -I../include -I. -I../snmplib -fno-strict-aliasing > > -g -O2 -Ulinux -Dlinux=linux -c keytools.c -fPIC -DPIC -o .libs/keytools.o > > keytools.c: In function 'generate_Ku': > > keytools.c:155:25: error: dereferencing pointer to incomplete type > > 'EVP_MD_CTX {aka struct evp_md_ctx_st}' > > ctx = malloc(sizeof(*ctx)); > > ^~~~ > > keytools.c:265:9: warning: implicit declaration of function > > 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration] > > EVP_MD_CTX_cleanup(ctx); > > ^~ > > Makefile:98: recipe for target 'keytools.lo' failed > > make[1]: *** [keytools.lo] Error 1 > > make[1]: Leaving directory '/root/net-snmp-5.7.3/snmplib' > > Makefile:656: recipe for target 'subdirs' failed > > make: *** [subdirs] Error 1 > > > So the first question is what's wrong with the above ? > > > I have an Ubuntu box where I build net-snmp fine with crypo, it runs > OpenSSL 1.0.2g so I downgraded the Raspbery PI to 1.0.2o > > apt-get remove openssl > > apt-get remove libssl-dev > > cd ~ > > wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz > > cd openssl... > > ./config --prefix=/usr/local --openssldir=/usr/local/openssl shared > > make > > make install > > ldconfig > > ldd $(which openssl) > > linux-vdso.so.1 (0x7ee91000) > > /usr/lib/arm-linux-gnueabihf/libarmmem.so (0x76f09000) > > libssl.so.1.0.0 => /usr/local/lib/libssl.so.1.0.0 (0x76ea4000) > > libcrypto.so.1.0.0 => /usr/local/lib/libcrypto.so.1.0.0 > > (0x76d17000) > > libdl.so.2 => /lib/arm-linux-gnueabihf/libdl.so.2 (0x76d04000) > > libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0x76bc5000) > > /lib/ld-linux-armhf.so.3 (0x76f1f000) > > > > Everything seems fine but now the configuration summary shows only "Crypto > support from: Internal" > > I looked at the configure script to see how it tests for OpenSSL support > and replicated that > > #include > > char EVP_md5 (); > > int main(int argc, char *argv[]) { > > return EVP_md5 (); > > ; > > return 0; > > } > > > When I build that I get the following error showing that the EVP_md5 is > accessible and the crypto library is installed. > > # gcc t.c -lcrypto > > t.c:3:6: error: conflicting types for ‘EVP_md5’ > > char EVP_md5 (); > > ^~~ > > In file included from /usr/local/include/openssl/x509.h:73:0, > > from /usr/local/include/openssl/ssl.h:156, > > from t.c:1: > > /usr/local/include/openssl/evp.h:716:15: note: previous declaration of > > ‘EVP_md5’ was here > > const EVP_MD *EVP_md5(void); > >^~~ > > > > I'm not sure if that's the exact test that the configure script is doing > but it's just not detecting > > I hacked the configure script to force CRYPTO="crypto" but then compilation > fails elsewhere so I assume I actually have installed OpenSSL incorrectly. > > But ether-way I would prefer to fix the first problem above and link > to libssl-dev > 1.1.0f > > Thanks >
Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)
I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4 stretch. The default packages are OpenSSL 1.1.0f 25 May 2017, libssl-dev 1.1.0f-3+deb9u2. I configure net-snmp like so, ./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl --disable-perl-cc-checks --without-perl-modules And get this config output.. > - > Net-SNMP configuration summary: > - > SNMP Versions Supported:1 2c 3 > Building for: linux > Net-SNMP Version: 5.7.3 > Network transport support: Callback Unix Alias TCP UDP IPv4Base > SocketBase TCPBase UDPIPv4Base UDPBase > SNMPv3 Security Modules: usm > Agent MIB code:default_modules => snmpv3mibs mibII ucd_snmp > notification notification-log-mib target agent_mibs agentx disman/event > disman/schedule utilities host > MYSQL Trap Logging: unavailable > Embedded Perl support: disabled > SNMP Perl modules: disabled > SNMP Python modules:disabled > Crypto support from:crypto/ internal ?? > Authentication support: MD5 SHA1 > Encryption support: DES AES > Local DNSSEC validation:disabled However make dies at this point. /bin/bash ../libtool --mode=compile gcc -I../include -I. > -I../snmplib -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux -c -o > keytools.lo keytools.c > libtool: compile: gcc -I../include -I. -I../snmplib -fno-strict-aliasing > -g -O2 -Ulinux -Dlinux=linux -c keytools.c -fPIC -DPIC -o .libs/keytools.o > keytools.c: In function 'generate_Ku': > keytools.c:155:25: error: dereferencing pointer to incomplete type > 'EVP_MD_CTX {aka struct evp_md_ctx_st}' > ctx = malloc(sizeof(*ctx)); > ^~~~ > keytools.c:265:9: warning: implicit declaration of function > 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration] > EVP_MD_CTX_cleanup(ctx); > ^~ > Makefile:98: recipe for target 'keytools.lo' failed > make[1]: *** [keytools.lo] Error 1 > make[1]: Leaving directory '/root/net-snmp-5.7.3/snmplib' > Makefile:656: recipe for target 'subdirs' failed > make: *** [subdirs] Error 1 So the first question is what's wrong with the above ? I have an Ubuntu box where I build net-snmp fine with crypo, it runs OpenSSL 1.0.2g so I downgraded the Raspbery PI to 1.0.2o apt-get remove openssl > apt-get remove libssl-dev > cd ~ > wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz > cd openssl... > ./config --prefix=/usr/local --openssldir=/usr/local/openssl shared > make > make install > ldconfig > ldd $(which openssl) > linux-vdso.so.1 (0x7ee91000) > /usr/lib/arm-linux-gnueabihf/libarmmem.so (0x76f09000) > libssl.so.1.0.0 => /usr/local/lib/libssl.so.1.0.0 (0x76ea4000) > libcrypto.so.1.0.0 => /usr/local/lib/libcrypto.so.1.0.0 > (0x76d17000) > libdl.so.2 => /lib/arm-linux-gnueabihf/libdl.so.2 (0x76d04000) > libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0x76bc5000) > /lib/ld-linux-armhf.so.3 (0x76f1f000) > Everything seems fine but now the configuration summary shows only "Crypto support from: Internal" I looked at the configure script to see how it tests for OpenSSL support and replicated that #include > char EVP_md5 (); > int main(int argc, char *argv[]) { > return EVP_md5 (); > ; > return 0; > } When I build that I get the following error showing that the EVP_md5 is accessible and the crypto library is installed. # gcc t.c -lcrypto > t.c:3:6: error: conflicting types for ‘EVP_md5’ > char EVP_md5 (); > ^~~ > In file included from /usr/local/include/openssl/x509.h:73:0, > from /usr/local/include/openssl/ssl.h:156, > from t.c:1: > /usr/local/include/openssl/evp.h:716:15: note: previous declaration of > ‘EVP_md5’ was here > const EVP_MD *EVP_md5(void); >^~~ I'm not sure if that's the exact test that the configure script is doing but it's just not detecting I hacked the configure script to force CRYPTO="crypto" but then compilation fails elsewhere so I assume I actually have installed OpenSSL incorrectly. But ether-way I would prefer to fix the first problem above and link to libssl-dev 1.1.0f Thanks -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders