Detected on: 'master' of git://git.code.sf.net/p/net-snmp/code
The build fails when compiled with OpenSSL 1.1.0
With this patch, net-snmp builds with both OpenSSL 1.0.x and 1.1.x
While I don't have an environment with OpenSSL 1.1.0 readily available, I've skimmed the patch and other discussions of the differences between 1.0.x and 1.1.x, and I think this is the correct approach.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In our environment we needed net-snmp to build on Debian 8 (with OpenSSL 1.0.x) and Debian 9 (OpenSSL 1.1.0). With this patch we have net-snmp building successfully on Debian 8 and Debian 9.
From: Bill Fenner fenner@users.sf.net
Sent: Tuesday, December 13, 2016 2:06 PM
To: [net-snmp:patches]
Subject: [net-snmp:patches] #1336 net-snmp fails to build with OpenSSL 1.1.0
While I don't have an environment with OpenSSL 1.1.0 readily available, I've skimmed the patch and other discussions of the differences between 1.0.x and 1.1.x, and I think this is the correct approach.
Status: open
Group: backport-needed
Labels: openssl
Created: Tue Dec 06, 2016 09:29 PM UTC by Sharmila Podury
Last Updated: Tue Dec 06, 2016 09:29 PM UTC
Owner: nobody
Attachments:
Detected on: 'master' of git://git.code.sf.net/p/net-snmp/code
The build fails when compiled with OpenSSL 1.1.0
With this patch, net-snmp builds with both OpenSSL 1.0.x and 1.1.x
?Yes, we don't have TLS transport domains configured in our environment, and the patch may not be covering all cases.
From: Niels Baggesen nba@users.sf.net
Sent: Thursday, December 15, 2016 12:27 AM
To: [net-snmp:patches]
Subject: [net-snmp:patches] #1336 net-snmp fails to build with OpenSSL 1.1.0
This is not the complete fix. I just pulled down a debian9 setup, and it fails horribly when you configure --with-transports=TLSTCP
Status: open
Group: backport-needed
Labels: openssl
Created: Tue Dec 06, 2016 09:29 PM UTC by Sharmila Podury
Last Updated: Tue Dec 13, 2016 10:06 PM UTC
Owner: nobody
Attachments:
Detected on: 'master' of git://git.code.sf.net/p/net-snmp/code
The build fails when compiled with OpenSSL 1.1.0
With this patch, net-snmp builds with both OpenSSL 1.0.x and 1.1.x
Status: accepted
Group: backport-needed
Labels: openssl
Created: Tue Dec 06, 2016 09:29 PM UTC by Sharmila Podury
Last Updated: Mon Mar 06, 2017 02:21 PM UTC
Owner: Niels Baggesen
Attachments:
Detected on: 'master' of git://git.code.sf.net/p/net-snmp/code
The build fails when compiled with OpenSSL 1.1.0
With this patch, net-snmp builds with both OpenSSL 1.0.x and 1.1.x
note, that's AFTER the HAVE_OPENSSL_DH_H if clause -- not sure if that's (still) the appropriate check.
that^ seems to get past the problem; I see no more related error.
but, atm, I'm failing at
/usr/lib64/gcc/x86_64-suse-linux/6/../../../../x86_64-suse-linux/bin/ld: warning: libssl.so.1.0.0, needed by /usr/local/mariadb/lib64/libmariadb.so, may conflict with libssl.so.1.1
/usr/lib64/gcc/x86_64-suse-linux/6/../../../../x86_64-suse-linux/bin/ld: warning: libcrypto.so.1.0.0, needed by /usr/local/mariadb/lib64/libmariadb.so, may conflict with libcrypto.so.1.1
./.libs/libnetsnmptrapd.so: undefined reference to `load_defaults'
./.libs/libnetsnmptrapd.so: undefined reference to `my_init'
collect2: error: ld returned 1 exit status
Makefile:302: recipe for target 'snmptrapd' failed
make[1]: *** [snmptrapd] Error 1
make[1]: Leaving directory '/usr/local/src/net-snmp-git/apps'
Makefile:657: recipe for target 'subdirs' failed
make: *** [subdirs] Error 1
due to not yet having updated my mariadb libs (working on it). So not certain that the reported problem is gone, though likely, or just not hitting it (yet) ...
Can check back in once I've cleaned up the mariadb libs ...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2017-04-03
Can check back in once I've cleaned up the mariadb libs ...
Well, that's gonna take awhile to resolve, so for my net-snmp
While I don't have an environment with OpenSSL 1.1.0 readily available, I've skimmed the patch and other discussions of the differences between 1.0.x and 1.1.x, and I think this is the correct approach.
In our environment we needed net-snmp to build on Debian 8 (with OpenSSL 1.0.x) and Debian 9 (OpenSSL 1.1.0). With this patch we have net-snmp building successfully on Debian 8 and Debian 9.
From: Bill Fenner fenner@users.sf.net
Sent: Tuesday, December 13, 2016 2:06 PM
To: [net-snmp:patches]
Subject: [net-snmp:patches] #1336 net-snmp fails to build with OpenSSL 1.1.0
While I don't have an environment with OpenSSL 1.1.0 readily available, I've skimmed the patch and other discussions of the differences between 1.0.x and 1.1.x, and I think this is the correct approach.
[patches:#1336]https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_net-2Dsnmp_patches_1336_&d=DgMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=-BS83wC0hHZEbirWFtsfvDVjVhCu-HVdgYyCJ4CDr7k&s=ZEZZdXS1ds5f9_xZHkoxdx2gGEakAehclT5XzsFLgvI&e= net-snmp fails to build with OpenSSL 1.1.0
Status: open
Group: backport-needed
Labels: openssl
Created: Tue Dec 06, 2016 09:29 PM UTC by Sharmila Podury
Last Updated: Tue Dec 06, 2016 09:29 PM UTC
Owner: nobody
Attachments:
Detected on: 'master' of git://git.code.sf.net/p/net-snmp/code
The build fails when compiled with OpenSSL 1.1.0
With this patch, net-snmp builds with both OpenSSL 1.0.x and 1.1.x
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/net-snmp/patches/1336/https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_net-2Dsnmp_patches_1336_&d=DgMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=-BS83wC0hHZEbirWFtsfvDVjVhCu-HVdgYyCJ4CDr7k&s=ZEZZdXS1ds5f9_xZHkoxdx2gGEakAehclT5XzsFLgvI&e=
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_auth_subscriptions_&d=DgMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=-BS83wC0hHZEbirWFtsfvDVjVhCu-HVdgYyCJ4CDr7k&s=X6or4hW_cc7dT-YVUh9oo2hJwR4caKy8h-DeDEuYpUw&e=
Related
Patches:
#1336This is not the complete fix. I just pulled down a debian9 setup, and it fails horribly when you configure --with-transports=TLSTCP
?Yes, we don't have TLS transport domains configured in our environment, and the patch may not be covering all cases.
From: Niels Baggesen nba@users.sf.net
Sent: Thursday, December 15, 2016 12:27 AM
To: [net-snmp:patches]
Subject: [net-snmp:patches] #1336 net-snmp fails to build with OpenSSL 1.1.0
This is not the complete fix. I just pulled down a debian9 setup, and it fails horribly when you configure --with-transports=TLSTCP
[patches:#1336]https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_net-2Dsnmp_patches_1336_&d=DgMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=IiE1Z_H3W4BUpcRFZHRlCYwhpsFhCc1r0pDa9x8srcU&s=OoPatJwjOwTfTohChRwgHSVOB1pGQhHdfPTj9mbsUZE&e= net-snmp fails to build with OpenSSL 1.1.0
Status: open
Group: backport-needed
Labels: openssl
Created: Tue Dec 06, 2016 09:29 PM UTC by Sharmila Podury
Last Updated: Tue Dec 13, 2016 10:06 PM UTC
Owner: nobody
Attachments:
Detected on: 'master' of git://git.code.sf.net/p/net-snmp/code
The build fails when compiled with OpenSSL 1.1.0
With this patch, net-snmp builds with both OpenSSL 1.0.x and 1.1.x
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/net-snmp/patches/1336/https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_net-2Dsnmp_patches_1336_&d=DgMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=IiE1Z_H3W4BUpcRFZHRlCYwhpsFhCc1r0pDa9x8srcU&s=OoPatJwjOwTfTohChRwgHSVOB1pGQhHdfPTj9mbsUZE&e=
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_auth_subscriptions_&d=DgMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=IiE1Z_H3W4BUpcRFZHRlCYwhpsFhCc1r0pDa9x8srcU&s=YgmNjHtcJmgRFCC5uInD5Po2WyNTY9RJc8jgQCho3X4&e=
Related
Patches:
#1336... and DTLSUDP for that matter
Thanks for accepting the patch. We will update our repo with the upstream changes.
From: Niels Baggesen nba@users.sf.net
Sent: Wednesday, March 22, 2017 1:47 PM
To: [net-snmp:patches]
Subject: [net-snmp:patches] #1336 net-snmp fails to build with OpenSSL 1.1.0
Thanks for the patch. It has been applied, slightly modified to accomodate LibreSSL, for the 5.7 patches branch and for trunk.
[patches:#1336]https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_net-2Dsnmp_patches_1336_&d=DwMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=RSB09N6CB00hiDOa8hVPxwEFcEkes7_TNt34gsxyK2w&s=UAt0Xl0Iws7YmGc8iiM8B_3qOvGiHnFZzsBgpjJlLts&e= net-snmp fails to build with OpenSSL 1.1.0
Status: accepted
Group: backport-needed
Labels: openssl
Created: Tue Dec 06, 2016 09:29 PM UTC by Sharmila Podury
Last Updated: Mon Mar 06, 2017 02:21 PM UTC
Owner: Niels Baggesen
Attachments:
Detected on: 'master' of git://git.code.sf.net/p/net-snmp/code
The build fails when compiled with OpenSSL 1.1.0
With this patch, net-snmp builds with both OpenSSL 1.0.x and 1.1.x
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/net-snmp/patches/1336/https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_net-2Dsnmp_patches_1336_&d=DwMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=RSB09N6CB00hiDOa8hVPxwEFcEkes7_TNt34gsxyK2w&s=UAt0Xl0Iws7YmGc8iiM8B_3qOvGiHnFZzsBgpjJlLts&e=
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_auth_subscriptions_&d=DwMCAg&c=IL_XqQWOjubgfqINi2jTzg&r=u4NRJltHLbzd7c18Lr75oLxXJLlZQt1VAWHa90AyqZM&m=RSB09N6CB00hiDOa8hVPxwEFcEkes7_TNt34gsxyK2w&s=YLifZfofS4NA-2yZiyY487RHB3EiVKFUjkUwdUC4FDM&e=
Related
Patches:
#1336Thanks for the patch. It has been applied, slightly modified to accomodate LibreSSL, for the 5.7 patches branch and for trunk.
building both trunk & 5.7-patches branches on linux64, with openssl 1.1 API libs,
build currently fails @
make V=1 ... libtool: link: /usr/bin/gcc-6 -O3 -Wall -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0 -grecord-gcc-switches -march=native -mtune=native -DNETSNMP_ENABLE_IPV6 -fno-strict-aliasing -DNETSNMP_REMOVE_U64 -O3 -Wall -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0 -grecord-gcc-switches -march=native -mtune=native -Ulinux -Dlinux=linux -D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -fstack-protector -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/CORE -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-type-limits -Wno-unused-result -Wno-sign-compare -o .libs/snmpusm .libs/snmpusm.o -Wl,-rpath -Wl,/usr/local/lib64 -Wl,-rpath -Wl,/usr/local/openssl11/lib64 -L/usr/local/lib64 -L/usr/local/openssl11/lib64 ../snmplib/.libs/libnetsnmp.so -lssh2 -lssl -lcrypto -lnl-3 -lm -Wl,-rpath -Wl,/usr/local/net-snmp/lib64 .libs/snmpusm.o: In function `get_USM_DH_key': snmpusm.c:(.text+0xaac): undefined reference to `BN_num_bytes' snmpusm.c:(.text+0xc00): undefined reference to `BN_num_bytes' collect2: error: ld returned 1 exit status Makefile:319: recipe for target 'snmpusm' failed make[1]: *** [snmpusm] Error 1 make[1]: Leaving directory '/usr/local/src/net-snmp-git/apps' Makefile:657: recipe for target 'subdirs' failed make: *** [subdirs] Error 1in openssl, the symbol's defined in,
in net-snmp sources the symbol appears only in
which both
but in /usr/local/openssl11/include/openssl/dh.h
i.e., include ONLY for pre-v1.1.0 openssl
Can you try adding
below the existing #includes of dh.h? E.g., https://www.openssl.org/docs/man1.1.0/crypto/BN_num_bytes.html suggests that explicitly including is required, and maybe it was just accidental namespace pollution that made it work before.
for,
I added
note, that's AFTER the HAVE_OPENSSL_DH_H if clause -- not sure if that's (still) the appropriate check.
that^ seems to get past the problem; I see no more related error.
but, atm, I'm failing at
due to not yet having updated my mariadb libs (working on it). So not certain that the reported problem is gone, though likely, or just not hitting it (yet) ...
Can check back in once I've cleaned up the mariadb libs ...
Well, that's gonna take awhile to resolve, so for my net-snmp
./configure \ --with-openssl=/usr/local/openssl11 \ - --with-mysql \ + --without-mysql \ + --disable-manuals ...... make[1]: Entering directory '/usr/local/src/net-snmp-git/man' mkdir /usr/local/net-snmp/share/man mkdir /usr/local/net-snmp/share/man/man1 mkdir /usr/local/net-snmp/share/man/man3 mkdir /usr/local/net-snmp/share/man/man5 mkdir /usr/local/net-snmp/share/man/man8 make[1]: *** No rule to make target '../sedscript', needed by 'agentxtrap.1'. Stop. make[1]: Leaving directory '/usr/local/src/net-snmp-git/man' Makefile:953: recipe for target 'installsubdirs' failed make: *** [installsubdirs] Error 1now builds/installs successfully, no errors, and is seemingly correctly linked,
sbin/snmpd --version NET-SNMP version: 5.8.dev Web: http://www.net-snmp.org/ Email: net-snmp-coders@lists.sourceforge.net ldd sbin/snmpd | egrep -i "libssh|libssl|libcrypto" libssh2.so.1 => /usr/local/lib64/libssh2.so.1 (0x00007f1037ec6000) libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007f1037c58000) libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007f10377af000)Revisiting this now that mariadb 10.2-dev's got openssl11 support working.
1st, the
issue, above, I've opened as
so with the (partial?) workaround for the 'load_defaults' issue, AND having added the
as above, build again/still fails at
with openssl build's 1.1-only API def'd
those syms, EVP_MD_CTX_free & EVP_MD_CTX_new, as well as others, are deprecated.
cref:
https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes .