RHEL9 requires AES replacemed instead of DES at one point in the Code

Question

RHEL9 requires AES replacemed instead of DES at one point in the Code

Closed this issue 2 years ago · 3 comments

RHEL9 Systems will complain about DES Cipher use,

and the following will need to be changed in snmp_bulkget.c :

/session->securityPrivProto = snmp_duplicate_objid(usmDESPrivProtocol, USM_PRIV_PROTO_DES_LEN);

to

/session->securityPrivProto = snmp_duplicate_objid(usmAESPrivProtocol, USM_PRIV_PROTO_DES_LEN);

recompilation then is required (for example like this), and everything should work after :

gcc -o check_interfaces snmp_bulkget.o utils.o -lrt -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -fPIE -lm -L/usr/lib64 -lnetsnmp -lssl -lcrypto -lm -lnetsnmp

Answer 1 · 2022-12-15T11:48:48.000Z

@pdolinic Could you put that into a PR?

Answer 2 · 2023-01-23T12:54:48.000Z

ok, the original reason for this problem is, that in Red Hat packages DES has patches to remove the DES algorithms completely ( https://src.fedoraproject.org/rpms/net-snmp/blob/rawhide/f/net-snmp-5.9.1-remove-des.patch ) which breaks compiling here.

Answer 3 · 2023-01-25T18:35:59.000Z

Fixed with 31cdf0a