<div dir="ltr">Hi Owen,<div><br></div><div>OK, I think I know what happened, I was checking a different branch. No idea why the build system says it is building with them when it's not.<div>Your patch is fine, I'll add that in shortly.</div><div><br></div><div> - Craig</div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 27 Oct 2020 at 10:18, Craig Small <<a href="mailto:csmall@debian.org">csmall@debian.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">On Tue, 27 Oct 2020 at 07:42, Owen Evans <<a href="mailto:oevans@sciencelogic.com" target="_blank">oevans@sciencelogic.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Package: snmp<br>
Version: 5.9+dfsg-3-silo<br></blockquote><div>This isn't a valid Debian version.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Blumenthal AES, in spite of being a 'draft' part of the SNMP Standard,<br>
is becoming widely implemented by many vendors. It is the main way to<br>
have strong encryption in connection with SNMPv3. Debian should include<br>
the --enable-blumenthal-aes option added around line 53 of debian/rules<br>
so that it is used when invoking the ./configure script from the<br>
upstream source package.<br></blockquote><div>Are you sure the Debian packages don't already have this enabled?</div><div><br></div><div>Also, that flag doesn't exist in 5.9 of net-snmp</div> ./configure --enable-blumenthal-aes<br>configure: WARNING: unrecognized options: --enable-blumenthal-aes<br><div> </div><div>The draft standard seems to be all about enabling AES, or as the draft states:</div><div> 1)Provide a set of new privacy protocols for USM based on the<br> Advanced Encryption Standard.<br><br></div><div>Output of the build system shows AES is actually there:</div><div><br></div><div> Crypto support from: crypto<br> Authentication support: MD5 SHA1 SHA224 SHA256 SHA384 SHA512<br> Encryption support: DES AES AES128 AES192 AES192C AES256 AES256C<br></div><div><br></div><div>So I'm a bit confused about what is not enabled and why your configure option works.</div><div>The --with-openssl and having openssl 0.9.7 or later will do it.</div><div><br></div><div> - Craig</div><div><br></div></div></div>
</blockquote></div>