Re: [openssl.org #2051] [PATCH] IPv6 support for s_client and s_server

Balakumaran Kannan Wed, 10 Apr 2013 04:19:40 -0700

On Tue, Apr 9, 2013 at 10:13 PM, Mike Frysinger via RT <r...@openssl.org>wrote:


> i've improved the original patch to make the -4/-6 behavior consistent
> across
> the tools.  i also tweaked the behavior slightly to make it run correctly
> (imo).
> -mike
>
>
 I tried your patch it works well. Thank you very much for this work.

I thought of doing some changes in the patch.

1. Leaving openssl binary as it is.
    Run openssl in IPv4 mode if not specified explicitly.
    If IPv6 support is needed, user should use '-6' option.

2. Use IPv6 hosts inside square brackets ( [] )
    As IPv6 addresses use ':' as a separator for its segments we could not
use it as separator for host and port. So if user forgets to enter port
with '-connect' option, the last segment of IPv6 address will be taken as
port. This is not desired.
    So it will be better to use square brackets( [] ) to surround IPv6
hosts.

I made an incremental patch after applying your patch to openssl-1.0.1e.
Please let me know your idea over this.

And still I'm working on this patch to verify its functionality. So please
let me know if you modify anything regards this.

Thank you.

Regards,
Bala

---
diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur
openssl-1.0.1e.mike/apps/s_apps.h openssl-1.0.1e/apps/s_apps.h
--- openssl-1.0.1e.mike/apps/s_apps.h    2013-04-10 14:17:59.000000000 +0530
+++ openssl-1.0.1e/apps/s_apps.h    2013-04-10 14:59:57.000000000 +0530
@@ -159,7 +159,8 @@
 int init_client(int *sock, char *server, int port, int type, int use_ipv4,
int use_ipv6);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short
*p);
+int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p,
+            int use_ipv4, int use_ipv6);

 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
                    int argi, long argl, long ret);
diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur
openssl-1.0.1e.mike/apps/s_client.c openssl-1.0.1e/apps/s_client.c
--- openssl-1.0.1e.mike/apps/s_client.c    2013-04-10 14:17:59.000000000
+0530
+++ openssl-1.0.1e/apps/s_client.c    2013-04-10 16:35:13.000000000 +0530
@@ -637,12 +637,10 @@

     meth=SSLv23_client_method();

+    /* By default use IPv4 */
     use_ipv4 = 1;
-#if OPENSSL_USE_IPV6
-    use_ipv6 = 1;
-#else
     use_ipv6 = 0;
-#endif
+
     apps_startup();
     c_Pause=0;
     c_quiet=0;
@@ -673,6 +671,17 @@

     argc--;
     argv++;
+
+    /* Determine what to be used? IPv4 or IPv6 */
+#if OPENSSL_USE_IPV6
+    for (i = 0; i < argc; i++) {
+        if (!strcmp(argv[i], "-6")) {
+            use_ipv4 = 0;
+            use_ipv6 = 1;
+        }
+    }
+#endif /* OPENSSL_USE_IPV6 */
+
     while (argc >= 1)
         {
         if    (strcmp(*argv,"-host") == 0)
@@ -689,7 +698,8 @@
         else if (strcmp(*argv,"-connect") == 0)
             {
             if (--argc < 1) goto bad;
-            if (!extract_host_port(*(++argv),&host,NULL,&port))
+            if (!extract_host_port(*(++argv),&host,NULL,&port, use_ipv4,
+                       use_ipv6))
                 goto bad;
             }
         else if    (strcmp(*argv,"-verify") == 0)
diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur
openssl-1.0.1e.mike/apps/s_server.c openssl-1.0.1e/apps/s_server.c
--- openssl-1.0.1e.mike/apps/s_server.c    2013-04-10 14:17:59.000000000
+0530
+++ openssl-1.0.1e/apps/s_server.c    2013-04-10 15:06:32.000000000 +0530
@@ -980,12 +980,9 @@
 #endif
     meth=SSLv23_server_method();

+    /* By default use IPv4 */
     use_ipv4 = 1;
-#if OPENSSL_USE_IPV6
-    use_ipv6 = 1;
-#else
     use_ipv6 = 0;
-#endif
     local_argc=argc;
     local_argv=argv;

diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur
openssl-1.0.1e.mike/apps/s_socket.c openssl-1.0.1e/apps/s_socket.c
--- openssl-1.0.1e.mike/apps/s_socket.c    2013-04-10 14:17:59.000000000
+0530
+++ openssl-1.0.1e/apps/s_socket.c    2013-04-10 16:38:11.000000000 +0530
@@ -572,12 +572,31 @@
     }

 int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-         short *port_ptr)
+         short *port_ptr, int use_ipv4, int use_ipv6)
     {
     char *h,*p;
+    int domain;

     h=str;
-    p=strrchr(str,':');
+    if (use_ipv4) {
+        domain = AF_INET;
+        p=strrchr(str,':');
+    }
+#if OPENSSL_USE_IPV6
+    else if (use_ipv6) {
+        domain = AF_INET6;
+        str++;
+        h = strchr(str, ']');
+        if (h) {
+            p = strchr(h, ':');
+            *h = '\0';
+        }
+        h = str;
+    }
+#endif /* OPENSSL_USE_IPV6 */
+    else
+        goto err;
+
     if (p == NULL)
         {
         BIO_printf(bio_err,"no port defined\n");
@@ -585,12 +604,13 @@
         }
     *(p++)='\0';

-    if ((ip != NULL) && !host_ip(str,ip,AF_INET))
+    if ((ip != NULL) && !host_ip(str,ip,domain))
         goto err;
     if (host_ptr != NULL) *host_ptr=h;

     if (!extract_port(p,port_ptr))
         goto err;
+
     return(1);
 err:
     return(0);

Re: [openssl.org #2051] [PATCH] IPv6 support for s_client and s_server

Reply via email to