Hello,
attached please find a patch that makes it possible to use IPv6
addresses with openssl's s_client and s_server. The patch is against
openssl-0.9.8b as found in the Fedora Core Rawhide
openssl-0.9.8b-3.src.rpm package.
Without this patch, using IPv6-only hostname fails with
$ openssl s_client -connect 'ipv6hostname:443'
gethostbyname failure
connect:errno=0
and using IPv6 address fails with
$ openssl s_client -connect '[::FFFF:195.30.6.166]:https'
getservbyname failure for :FFFF:195.30.6.166]:https
usage: s_client args
With this patch, the command line parameters are correctly processed
and used, for hostnames, IPv6 addresses and IPv4 mapped addresses,
using a bracket notation:
$ openssl s_client -connect '[::FFFF:195.30.6.166]:https'
CONNECTED(00000003)
depth=0 /ST=The Internet/O=The OpenSSL
Project/CN=www.openssl.org/[EMAIL PROTECTED]
[...]
The Red Hat maintainer of the openssl package (Cc:) is ready to apply
the patch for the next Fedora Core, which would give the IPv6 feature
to people who do not want to compile and patch their software. But we
wanted to make sure that such a change will be seen as a correct thing
to do by the OpenSSL Team.
Therefore, I'd welcome your opinion about the patch and a possibility
of it being applied to the core openssl source.
Yours,
--
Jan Pazdziora
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
