Bug 198737 - Package openssl lacks IPv6 support
Package openssl lacks IPv6 support
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
:
Depends On:
Blocks: IPv6Blocker
  Show dependency treegraph
 
Reported: 2006-07-13 03:08 EDT by Jan Pazdziora
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-07 11:52:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_* (22.51 KB, patch)
2006-07-13 03:29 EDT, Jan Pazdziora
no flags Details | Diff
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in apps (12.81 KB, patch)
2006-07-13 03:33 EDT, Jan Pazdziora
no flags Details | Diff
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_* (24.38 KB, patch)
2006-07-17 05:02 EDT, Jan Pazdziora
no flags Details | Diff
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_* (27.26 KB, patch)
2006-07-20 06:27 EDT, Jan Pazdziora
no flags Details | Diff
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_* (23.64 KB, patch)
2006-07-20 06:59 EDT, Jan Pazdziora
no flags Details | Diff

  None (edit)
Description Jan Pazdziora 2006-07-13 03:08:43 EDT
Description of problem:

This package seems to lack IPv6 support.

How reproducible:

openssl s_client -connect 'ipv6hostname:443'

Actual results:

gethostbyname failure

Expected results:

Should work just like IPv4.
Comment 1 Jan Pazdziora 2006-07-13 03:29:31 EDT
Created attachment 132350 [details]
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_*

This patch changes:

crypto/bio/bio.h: comment out no longer needed functions, and adding *_ipv6
variants

crypto/bio/b_sock.c: comment out no longer needed functions, plus changing char
ip[4] and sockaddr_in to more portable getaddrinfo style

crypto/bio/bss_conn.c: changes to use getaddrinfo, changes in param_hostname
parsing, also allowing IPv6 addresses in brackets

doc/crypto/BIO_s_connect.pod: documentation of the changes

util/libeay.num: marking functions as NOEXIST

The package passes existing tests but I am not sure to what extend the BIO
parts really gets tested.

To be done: BIO_get_accept_socket would also use IPv6 in brackets, but I'd
really need some tests for the affected parts of the openssl package.
Comment 2 Jan Pazdziora 2006-07-13 03:33:06 EDT
Created attachment 132352 [details]
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in apps

The patch changes the use of char ip[4] and sockaddr_in to getaddrinfo. It
required some changes in the function parameters, for example port is not
handled as char *, not int.

With this patch,

openssl s_client -connect 'ipv6host:443'

or

openssl s_client -connect '[::FFFF:IPv4address]:https'

work now.
Comment 3 Jan Pazdziora 2006-07-17 05:02:01 EDT
Created attachment 132538 [details]
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_*
Comment 4 Tomas Mraz 2006-07-20 04:35:05 EDT
reviewing
Comment 5 Jan Pazdziora 2006-07-20 06:27:34 EDT
Created attachment 132738 [details]
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_*

Fixed indentation -- previous patches were done using -b which lets us with
broken indentation.

Fixed bug with OPENSSL_free(*host_ptr); and freeaddrinfo(res0).

Changed the logic in conn_state, to process all getaddrinfo records, should
connect fail.

Tomáš, thanks for the review.
Comment 6 Jan Pazdziora 2006-07-20 06:59:13 EDT
Created attachment 132739 [details]
Patch to replace IPv4 routines with AF-agnostic (or IPv6) in BIO_*

Fixing up INET6_ADDRSTRLEN + 16.

Removing *_ipv6 functions, to make changes to ABI as small as possible.
Comment 7 Tomas Mraz 2006-08-07 11:52:46 EDT
I've decided to use only the apps patch as the BIO_ routines doesn't seem to be
used in openssl itself and we don't know of any important third party software
which would use them. Fixing the BIO routines is left on upstream.

Note You need to log in before you can comment on or make changes to this bug.