#2757 configure: error: The DTLS based transports require the libssl library from OpenSSL to be available, although it is installed

[Jean-christophe Manciot]

Ubuntu 16.10 4.8
snmp git commit 20161115.f629d12
echo -----------
echo Configuring
echo -----------
sudo -u actionmystique -H ./configure \ --with-default-snmp-version="3" --with-sys-contact="noone@no.where" --with-sys-location="Unknown" \ --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp" \ --with-systemd \ --with-openssl \ --enable-shared \ --enable-ipv6 \ --with-transports="UDP UDPIPv6 TCP TCPIPv6 TLSTCP" \ --with-security-modules="usm ksm tsm" \ --with-mib-modules="mibII snmpv3mibs agent_mibs notification target utilities disman/event disman/schedule smux host ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable tunnel misc/ipfwacc agentx" \ --with-python-modules \ --enable-embedded-perl \ --prefix=/usr --sysconfdir=/etc --localstatedir=/var
...
checking for SSL_library_init in -lssl... no
configure: error: The DTLS based transports require the libssl library from OpenSSL to be available

However, all libssl packages are installed, including the most recent one (1.1.0c). It seems that the latter confuses ./configure.
$ apt search libssl
...

libssl-dev/yakkety,now 1.1.0c+16.10 amd64 [installed]
Secure Sockets Layer toolkit - development files

libssl1.0.0/yakkety,now 1.0.2g-1ubuntu9 amd64 [installed]
Secure Sockets Layer toolkit - shared libraries

libssl1.1/yakkety,now 1.1.0c+16.10 amd64 [installed]
Secure Sockets Layer toolkit - shared libraries

[Bart Van Assche]

Have you installed the libssl-dev package?

[Jean-christophe Manciot]

Have you read my post?

[Petr Písař]

OpenSSL 1.1.0 changed API. net-snmp needs to adjust. A patch was posted to mailing list https://sourceforge.net/p/net-snmp/mailman/net-snmp-coders/thread/handler.828449.B828449.14786375068381.ackinfo%40bugs.debian.org/#msg35501741.

[Jean-christophe Manciot]

Applying the patch fails on last master commit (d23474c85b64500788545edf031b0a2168d3ddd5):

git apply ../net-snmp-openssl110.patch
../net-snmp-openssl110.patch:19: trailing whitespace.
        DH_get0_pqg(dh, &p, NULL, &g); 
error: patch failed: snmplib/keytools.c:149
error: snmplib/keytools.c: patch does not apply
error: patch failed: snmplib/scapi.c:486
error: snmplib/scapi.c: patch does not apply

[Josef Ridky]

Here you have patch which add support for OpenSSL-1.1.0 (only!) to net-snmp.

[Jean-christophe Manciot]

It does not work, at all:
git apply ../net-snmp-5.7.3-openssl.patch
../net-snmp-5.7.3-openssl.patch:20: trailing whitespace.

error: patch failed: configure.d/config_os_libs2:292
error: configure.d/config_os_libs2: patch does not apply
error: configure.systemd: No such file or directory
error: include/net-snmp/net-snmp-config.h.in.systemd: No such file or directory
error: patch failed: snmplib/keytools.c:149
error: snmplib/keytools.c: patch does not apply
error: patch failed: snmplib/scapi.c:486
error: snmplib/scapi.c: patch does not apply

[Josef Ridky]

You should take it at least as example of what you have to change in net-snmp, if you want to use it with OpenSSL-1.1.0. Of course that it will probably not match exactly to your version (this is patch from Fedora, where we have to have some additional patches and files, which are not contained in upstream - e.g. .systemd files). With this patch, I am able to successfully compile and build net-snmp in Fedora using OpenSSL-1.1.0. There is lot of additional changes, which were not mentioned in https://sourceforge.net/p/net-snmp/mailman/net-snmp-coders/thread/handler.828449.B828449.14786375068381.ackinfo%40bugs.debian.org/#msg35501741.

So it's up to you, how will you use this information, but I think, that this patch could help you significantly with implementation of OpenSSL-1.1.0 in net-snmp.

I have try to apply these changes to master branch of net-snmp. Result is in attachment.