Bug 1908334 - gnutls-serv doesn't listen on IPvN loopback addresses if there are no IPvN external addresses configured
Summary: gnutls-serv doesn't listen on IPvN loopback addresses if there are no IPvN ex...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: gnutls
Version: 8.5
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: 8.0
Assignee: Daiki Ueno
QA Contact: Alexander Sosedkin
URL:
Whiteboard:
Depends On: 1956783
Blocks: 1903942
TreeView+ depends on / blocked
 
Reported: 2020-12-16 12:55 UTC by Alexander Sosedkin
Modified: 2021-11-10 09:22 UTC (History)
4 users (show)

Fixed In Version: gnutls-3.6.16-1.el8
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-09 19:50:08 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gitlab gnutls gnutls issues 1007 0 None None None 2020-12-16 16:13:34 UTC
Red Hat Bugzilla 1909213 0 high CLOSED s390x systems lost link-local IPv6 addresses 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker CRYPTO-5192 0 None None None 2021-11-09 00:44:16 UTC
Red Hat Product Errata RHSA-2021:4451 0 None None None 2021-11-09 19:50:40 UTC

Internal Links: 1909213

Description Alexander Sosedkin 2020-12-16 12:55:32 UTC
Description of problem:
  gnutls-serv doesn't listen on IPv4/IPv6 loopback addresses in case there are no IPv4/IPv6 (resp.) external addresses configured.

Version-Release number of selected component (if applicable): gnutls-3.6.14-6.el8.x86_64
How reproducible: always

Steps to Reproduce (IPv6, same works for IPv4):
  1. `ip a del` all your IPv6 addresses
  2. gnutls-serv

Actual results:
  HTTP Server listening on IPv4 0.0.0.0 port 5556...done

Expected results:
  HTTP Server listening on IPv4 0.0.0.0 port 5556...done
  HTTP Server listening on IPv6 :: port 5556...done

Additional info:
  This is a downstream request for https://gitlab.com/gnutls/gnutls/-/issues/1007, which demonstrates the IPv4 case in the wild.
  IPv6 socket bound to `::` would've dual-stacked if not for the IPV6_V6ONLY.
  Personally, I like binding to `::` w/o IPV6_V6ONLY or the patch in https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206.

Comment 2 Alexander Sosedkin 2020-12-16 13:03:00 UTC
bz1908036 is a sister bug for openssl (same issue, also caused by AI_ADDRCONFIG application).

Comment 3 Florian Weimer 2020-12-18 16:17:20 UTC
Beniamino asked for a NetworkManager bug regarding the underlying issue, so I filed 1909213.

Comment 4 Daiki Ueno 2021-05-14 14:18:11 UTC
Fixed upstream in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1433

Comment 13 errata-xmlrpc 2021-11-09 19:50:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: gnutls and nettle security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4451


Note You need to log in before you can comment on or make changes to this bug.