Bug 347711 - Port net-snmp to use NSS library for cryptography
Summary: Port net-snmp to use NSS library for cryptography
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: net-snmp
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jan Safranek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CryptoConsolidation
TreeView+ depends on / blocked
 
Reported: 2007-10-23 10:21 UTC by Peter Vrabec
Modified: 2014-09-01 08:18 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-01 08:18:02 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Peter Vrabec 2007-10-23 10:21:07 UTC
net-snmp should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.

Comment 1 John Poelstra 2008-08-12 04:01:56 UTC
triaged

Comment 2 Bob Lord 2008-08-27 20:57:44 UTC
What cryptography does SNMP require?

Comment 3 Jan Safranek 2008-08-28 07:16:14 UTC
(In reply to comment #2)
> What cryptography does SNMP require?

See rfc 3414.

Comment 4 Bob Lord 2008-08-28 15:30:29 UTC
It looks like it just needs DES in CBC mode.  Is that the only encryption it needs?  

Does it do any other PKI operations like digital signing?

Comment 5 Bob Lord 2008-08-29 15:44:50 UTC
What about RFC 3826? Is that mode supported in Fedora/RHEL?

Comment 6 Jan Safranek 2008-09-03 08:32:38 UTC
(In reply to comment #5)
> What about RFC 3826? Is that mode supported in Fedora/RHEL?

Yes, it is. It would be best if you looked into the sources by yourself (there is no list of supported RFCs). You can look into the sources by yourself, or look at what symbols it uses from openssl.

Comment 7 Jan Safranek 2014-09-01 08:18:02 UTC
I think it's time to close this bug. I personally think that NSS has all the necessary features, we just miss the code. Patches are welcome upstream.


Note You need to log in before you can comment on or make changes to this bug.