Description of problem:
Certificate allowed_uses are not indexed by net-snmp. As a result, the trustCert option works the first time snmpd is started, but fails thereafter. In addition, there is no support for intermediate certificates (they are ignored) and as a result no possibility to use net-snmp with Let's Encrypt.

Version-Release number of selected component (if applicable):
net-snmp-libs-5.8-17.el8

How reproducible:
Always.

Steps to Reproduce:
1. Configure net-snmp for DTLS using localCert and trustCert.
2. Load net-snmp once with empty index.
3. Reload net-snmp.

Actual results:
trustCert is no longer recognised, as the "CA" flag is unindexed and missing.

Expected results:
trustCert works properly.

Additional info:
Patches to update net-snmp to fix this index issue, as well as to properly support CA certificates are available here:
https://github.com/net-snmp/net-snmp/issues/255
https://github.com/net-snmp/net-snmp/issues/248
https://github.com/net-snmp/net-snmp/issues/242
https://github.com/net-snmp/net-snmp/issues/241
https://github.com/net-snmp/net-snmp/issues/245
Created attachment 1746052
SRPM with patches for RHEL8
Moving to 8.5.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (net-snmp bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2021:4439