OpenSSL s_server works without error if my client sends to localhost but not
if it sends to the hostname of the machine. (Other than a name error because
I have not re-done the server certificate.) I am calling that a totally
satisfactory outcome as it works for me for testing.

I consider this issue closed (although not technically resolved).

Thanks for your help and patience.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Monday, August 13, 2012 7:09 PM
To: openssl-users@openssl.org
Subject: RE: s_server gethostbyname failure

> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Monday, 13 August, 2012 11:32

> Found some things on the Web that led me to believe some programs 
> choke when they get IPv6 addresses back from gethostbyname(), so I 
> tried disabling IPv6 on Windows -- but no improvement.
> 
> I have tried coding a server program more or less following the 
> example in the O'Reilly OpenSSL book and the first BIO_do_accept() 
> fails with
> 
> 8276:error:02003AFC:system
> library:getservbyname:reason(2812):.\crypto\bio\b_sock.c:224:s
> ervice='&d'
> 
> which I am going to guess is the same problem.
> 
No, that's not the same problem. That says &d is not a valid "service"
(which in TCP means port). And it isn't. It looks like some calling code was
supposed to replace &d with a real value, probably a decimal number, but
didn't.

> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of CharlesTSR
> Sent: Monday, August 13, 2012 9:15 AM

> I have exactly the same problem as
> http://old.nabble.com/s_server-and-gethostbyname-failure-error
> -td14675962.ht
> ml
> http://old.nabble.com/s_server-and-gethostbyname-failure-error
> -td14675962.ht
> ml
> . I have searched and don't find any replies.
> 
> I run the following command:
> openssl s_server -accept 6514 -cert servercacert.pem -key 
> servercakey.pem -state -debug -no_dhe
> 
> OpenSSL responds
> 
> Enter pass phrase for servercakey.pem:
> Loading 'screen' into random state - done Using default temp ECDH 
> parameters ACCEPT
> 
> When my client issues BIO_do_connect(conn) then openssl s_server fails 
> with
> 
> gethostbyname failure
> 
According to apps/s_socket.c that occurs if the address from which the
client connected succeeds in gethostbyaddr (nominally reverse-DNS) but the
resulting name fails in gethostbyname (nominally normal DNS).
In my experience Windows often "enhances" DNS with data it decides would be
helpful, and its decision isn't always perfect.

> There is nothing particularly unusual about the Windows 7 64-bit 
> system on which openssl is running. I have used gethostbyaddr 
> frequently with no unexpected errors. I'm using a pre-built Windows 
> distribution of OpenSSL 1.0.1c.
> 
Try a simple test program that does gethostbyaddr on the address your client
is coming from and gethostbyname on the result, and see how they compare to
what is correct for your network. Try running either your client code or
s_client on other machine(s).




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to