Bug 1914656 - [Patch] TLS/DTLS: inconsistent allowed_uses behaviour when in debug mode / not in debug mode
Summary: [Patch] TLS/DTLS: inconsistent allowed_uses behaviour when in debug mode / no...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: net-snmp
Version: 8.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Josef Ridky
QA Contact: Evgeny Fedin
Depends On:
TreeView+ depends on / blocked
Reported: 2021-01-10 14:56 UTC by Graham Leggett
Modified: 2021-11-10 09:17 UTC (History)
0 users

Fixed In Version: net-snmp-5.8-21.el8
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2021-11-09 19:48:29 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)
SRPM with patches for RHEL8 (6.40 MB, application/x-rpm)
2021-01-10 15:03 UTC, Graham Leggett
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2021:4439 0 None None None 2021-11-09 19:48:35 UTC

Description Graham Leggett 2021-01-10 14:56:25 UTC
Description of problem:

Certificate allowed_uses are not indexed by net-snmp. As a result, the trustCert option works the first time snmpd is started, but fails thereafter.

In addition, there is no support for intermediate certificates (they are ignored) and as a result no possibility to use net-snmp with Let's Encrypt.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Configure net-snmp for DTLS using localCert and trustCert.
2. Load net-snmp once with empty index.
3. Reload net-snmp.

Actual results:

trustCert is no longer recognised, as the "CA" flag is unindexed and missing.

Expected results:

trustCert works properly.

Additional info:

Patches to update net-snmp to fix this index issue, as well as to properly support CA certificates are available here:


Comment 1 Graham Leggett 2021-01-10 15:03:22 UTC
Created attachment 1746052 [details]
SRPM with patches for RHEL8

Comment 3 Josef Ridky 2021-01-28 12:20:19 UTC
Moving to 8.5.

Comment 10 errata-xmlrpc 2021-11-09 19:48:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (net-snmp bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.