Description of problem: This package seems to lack IPv6 support. How reproducible: openssl s_client -connect 'ipv6hostname:443' Actual results: gethostbyname failure Expected results: Should work just like IPv4.
Created attachment 132350 [details] Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_* This patch changes: crypto/bio/bio.h: comment out no longer needed functions, and adding *_ipv6 variants crypto/bio/b_sock.c: comment out no longer needed functions, plus changing char ip[4] and sockaddr_in to more portable getaddrinfo style crypto/bio/bss_conn.c: changes to use getaddrinfo, changes in param_hostname parsing, also allowing IPv6 addresses in brackets doc/crypto/BIO_s_connect.pod: documentation of the changes util/libeay.num: marking functions as NOEXIST The package passes existing tests but I am not sure to what extend the BIO parts really gets tested. To be done: BIO_get_accept_socket would also use IPv6 in brackets, but I'd really need some tests for the affected parts of the openssl package.
Created attachment 132352 [details] Patch to replace IPv4 routines with AF-agnostic (or IPv6) in apps The patch changes the use of char ip[4] and sockaddr_in to getaddrinfo. It required some changes in the function parameters, for example port is not handled as char *, not int. With this patch, openssl s_client -connect 'ipv6host:443' or openssl s_client -connect '[::FFFF:IPv4address]:https' work now.
Created attachment 132538 [details] Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_*
reviewing
Created attachment 132738 [details] Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_* Fixed indentation -- previous patches were done using -b which lets us with broken indentation. Fixed bug with OPENSSL_free(*host_ptr); and freeaddrinfo(res0). Changed the logic in conn_state, to process all getaddrinfo records, should connect fail. Tomáš, thanks for the review.
Created attachment 132739 [details] Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_* Fixing up INET6_ADDRSTRLEN + 16. Removing *_ipv6 functions, to make changes to ABI as small as possible.
I've decided to use only the apps patch as the BIO_ routines doesn't seem to be used in openssl itself and we don't know of any important third party software which would use them. Fixing the BIO routines is left on upstream.