On Apr 10, 2013, at 1:19 PM, Balakumaran Kannan wrote: > > On Tue, Apr 9, 2013 at 10:13 PM, Mike Frysinger via RT <r...@openssl.org> > wrote: > i've improved the original patch to make the -4/-6 behavior consistent across > the tools. i also tweaked the behavior slightly to make it run correctly > (imo). > -mike > > > I tried your patch it works well. Thank you very much for this work. > > I thought of doing some changes in the patch. > > 1. Leaving openssl binary as it is. > Run openssl in IPv4 mode if not specified explicitly. > If IPv6 support is needed, user should use '-6' option. > > 2. Use IPv6 hosts inside square brackets ( [] ) > As IPv6 addresses use ':' as a separator for its segments we could not > use it as separator for host and port. So if user forgets to enter port with > '-connect' option, the last segment of IPv6 address will be taken as port. > This is not desired. > So it will be better to use square brackets( [] ) to surround IPv6 hosts. > > I made an incremental patch after applying your patch to openssl-1.0.1e. > Please let me know your idea over this. > > And still I'm working on this patch to verify its functionality. So please > let me know if you modify anything regards this. > > Thank you. The main point is whether the OpenSSL maintainers are interested in IPv6 support or not. If they are, the patch can be optimized in whatever way they want. I they are not, the patch goes nowhere, so optimizing it doesn't make much sense...
Best regards Michael > > Regards, > Bala > > --- > diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur > openssl-1.0.1e.mike/apps/s_apps.h openssl-1.0.1e/apps/s_apps.h > --- openssl-1.0.1e.mike/apps/s_apps.h 2013-04-10 14:17:59.000000000 +0530 > +++ openssl-1.0.1e/apps/s_apps.h 2013-04-10 14:59:57.000000000 +0530 > @@ -159,7 +159,8 @@ > int init_client(int *sock, char *server, int port, int type, int use_ipv4, > int use_ipv6); > int should_retry(int i); > int extract_port(char *str, short *port_ptr); > -int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); > +int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p, > + int use_ipv4, int use_ipv6); > > long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, > int argi, long argl, long ret); > diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur > openssl-1.0.1e.mike/apps/s_client.c openssl-1.0.1e/apps/s_client.c > --- openssl-1.0.1e.mike/apps/s_client.c 2013-04-10 14:17:59.000000000 +0530 > +++ openssl-1.0.1e/apps/s_client.c 2013-04-10 16:35:13.000000000 +0530 > @@ -637,12 +637,10 @@ > > meth=SSLv23_client_method(); > > + /* By default use IPv4 */ > use_ipv4 = 1; > -#if OPENSSL_USE_IPV6 > - use_ipv6 = 1; > -#else > use_ipv6 = 0; > -#endif > + > apps_startup(); > c_Pause=0; > c_quiet=0; > @@ -673,6 +671,17 @@ > > argc--; > argv++; > + > + /* Determine what to be used? IPv4 or IPv6 */ > +#if OPENSSL_USE_IPV6 > + for (i = 0; i < argc; i++) { > + if (!strcmp(argv[i], "-6")) { > + use_ipv4 = 0; > + use_ipv6 = 1; > + } > + } > +#endif /* OPENSSL_USE_IPV6 */ > + > while (argc >= 1) > { > if (strcmp(*argv,"-host") == 0) > @@ -689,7 +698,8 @@ > else if (strcmp(*argv,"-connect") == 0) > { > if (--argc < 1) goto bad; > - if (!extract_host_port(*(++argv),&host,NULL,&port)) > + if (!extract_host_port(*(++argv),&host,NULL,&port, use_ipv4, > + use_ipv6)) > goto bad; > } > else if (strcmp(*argv,"-verify") == 0) > diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur > openssl-1.0.1e.mike/apps/s_server.c openssl-1.0.1e/apps/s_server.c > --- openssl-1.0.1e.mike/apps/s_server.c 2013-04-10 14:17:59.000000000 +0530 > +++ openssl-1.0.1e/apps/s_server.c 2013-04-10 15:06:32.000000000 +0530 > @@ -980,12 +980,9 @@ > #endif > meth=SSLv23_server_method(); > > + /* By default use IPv4 */ > use_ipv4 = 1; > -#if OPENSSL_USE_IPV6 > - use_ipv6 = 1; > -#else > use_ipv6 = 0; > -#endif > local_argc=argc; > local_argv=argv; > > diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur > openssl-1.0.1e.mike/apps/s_socket.c openssl-1.0.1e/apps/s_socket.c > --- openssl-1.0.1e.mike/apps/s_socket.c 2013-04-10 14:17:59.000000000 +0530 > +++ openssl-1.0.1e/apps/s_socket.c 2013-04-10 16:38:11.000000000 +0530 > @@ -572,12 +572,31 @@ > } > > int extract_host_port(char *str, char **host_ptr, unsigned char *ip, > - short *port_ptr) > + short *port_ptr, int use_ipv4, int use_ipv6) > { > char *h,*p; > + int domain; > > h=str; > - p=strrchr(str,':'); > + if (use_ipv4) { > + domain = AF_INET; > + p=strrchr(str,':'); > + } > +#if OPENSSL_USE_IPV6 > + else if (use_ipv6) { > + domain = AF_INET6; > + str++; > + h = strchr(str, ']'); > + if (h) { > + p = strchr(h, ':'); > + *h = '\0'; > + } > + h = str; > + } > +#endif /* OPENSSL_USE_IPV6 */ > + else > + goto err; > + > if (p == NULL) > { > BIO_printf(bio_err,"no port defined\n"); > @@ -585,12 +604,13 @@ > } > *(p++)='\0'; > > - if ((ip != NULL) && !host_ip(str,ip,AF_INET)) > + if ((ip != NULL) && !host_ip(str,ip,domain)) > goto err; > if (host_ptr != NULL) *host_ptr=h; > > if (!extract_port(p,port_ptr)) > goto err; > + > return(1); > err: > return(0); > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org