Description of problem:
Certificate allowed_uses are not indexed by net-snmp. As a result, the trustCert option works the first time snmpd is started, but fails thereafter.
In addition, there is no support for intermediate certificates (they are ignored) and as a result no possibility to use net-snmp with Let's Encrypt.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure net-snmp for DTLS using localCert and trustCert.
2. Load net-snmp once with empty index.
3. Reload net-snmp.
Actual results:
trustCert is no longer recognised, as the "CA" flag is unindexed and missing.
Expected results:
trustCert works properly.
Patches to update net-snmp to fix this index issue, as well as to properly support CA certificates are available here:
Created attachment 1746052
SRPM with patches for RHEL8
Moving to 8.5.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (net-snmp bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.