* [Buildroot] [PATCH] netsnmp: enable tsm + DTLSUDP/TLSTCP with openssl
@ 2015-12-09 18:30 gustavo.zacarias at free-electrons.com
2015-12-12 15:59 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: gustavo.zacarias at free-electrons.com @ 2015-12-09 18:30 UTC (permalink / raw)
To: buildroot
From: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Otherwise the openssl support is basically unused.
net-snmp provides a stripped-down openssl implementation that can be
used to enable tsm/DTLSUDP/TLSTCP but given it's security track record
it's best to rely on the external one, it also saves space.
usm is the user validation module, it's default on, however when passing
--with-security-modules we must keep it otherwise it won't be.
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
---
package/netsnmp/netsnmp.mk | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/package/netsnmp/netsnmp.mk b/package/netsnmp/netsnmp.mk
index 6eff5e3..fb72179 100644
--- a/package/netsnmp/netsnmp.mk
+++ b/package/netsnmp/netsnmp.mk
@@ -49,7 +49,9 @@ endif
ifeq ($(BR2_PACKAGE_OPENSSL),y)
NETSNMP_DEPENDENCIES += openssl
NETSNMP_CONF_OPTS += \
- --with-openssl=$(STAGING_DIR)/usr/include/openssl
+ --with-openssl=$(STAGING_DIR)/usr/include/openssl \
+ --with-security-modules="tsm,usm" \
+ --with-transports="DTLSUDP,TLSTCP"
ifeq ($(BR2_STATIC_LIBS),y)
# openssl uses zlib, so we need to explicitly link with it when static
NETSNMP_CONF_ENV += LIBS=-lz
--
2.4.10
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] netsnmp: enable tsm + DTLSUDP/TLSTCP with openssl
2015-12-09 18:30 [Buildroot] [PATCH] netsnmp: enable tsm + DTLSUDP/TLSTCP with openssl gustavo.zacarias at free-electrons.com
@ 2015-12-12 15:59 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2015-12-12 15:59 UTC (permalink / raw)
To: buildroot
Gustavo,
On Wed, 9 Dec 2015 15:30:23 -0300, gustavo.zacarias at free-electrons.com
wrote:
> From: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
>
> Otherwise the openssl support is basically unused.
>
> net-snmp provides a stripped-down openssl implementation that can be
> used to enable tsm/DTLSUDP/TLSTCP but given it's security track record
> it's best to rely on the external one, it also saves space.
>
> usm is the user validation module, it's default on, however when passing
> --with-security-modules we must keep it otherwise it won't be.
>
> Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
> ---
> package/netsnmp/netsnmp.mk | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-12-12 15:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-09 18:30 [Buildroot] [PATCH] netsnmp: enable tsm + DTLSUDP/TLSTCP with openssl gustavo.zacarias at free-electrons.com
2015-12-12 15:59 ` Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox