Back to the list again...  (Please remember to 'reply all'...)

That config looks OK to me.

Can you paste the exact log message, along with some surrounding context in the 
log?

Regardless of what gets logged, is it listening on the IPv6 interface?

Maybe this is another FreeBSD-specific issue, I don't think we've tested IPv6 
there...

-glyph

On Mar 25, 2013, at 3:10 AM, Axel Rau <axel....@chaos1.de> wrote:

> Am 24.03.2013 um 21:56 schrieb gl...@twistedmatrix.com:
> 
>> Sorry, accidentally replied directly; back on-list...
>> 
>> On Mar 24, 2013, at 1:21 AM, Axel Rau <axel....@chaos1.de> wrote:
>> 
>>> 
>>> Am 24.03.2013 um 04:00 schrieb gl...@twistedmatrix.com:
>>> 
>>>> 
>>>> On Mar 21, 2013, at 2:58 PM, Axel Rau <axel....@chaos1.de> wrote:
>>>> 
>>>>> I see some IPv6 patches in backport, while getting
>>>>> 
>>>>> twisted.internet.error.CannotListenError: Couldn't listen on 
>>>>> dead:beef:f:d::cc:8443: [Errno 43] Protocol not supported.
>>>>> 
>>>>> Is this expected to work in 4.2?
>>>> 
>>>> Yes, but only if your host actually has an IPv6 address.  Do you?
>>> Yes, its cp4.lrau.net.
>>> So, I will have to debug that on my FreeBSD port. I first check, if the 
>>> patch code in backport is being called...
>>> Any suggestions welcome...
>> 
>> The backport is identical to the code in newer versions of Twisted, so it 
>> shouldn't matter.  It would still be good to know for diagnostic purposes, 
>> of course.
>> 
>>>>> If yes, does the TLS/cert code handle dual stack addresses?
>>>> 
>>>> Sure, that's at a totally different layer.  TLS certificates are for a 
>>>> hostname, not an IP.
>>> My experience is, that some server/client implementations check reverse 
>>> mapping and fail if there is more than one address per fqdn:
>>> [axels-macpro:~] axel% host cp4.lrau.net
>>> cp4.lrau.net has address 91.216.35.77
>>> cp4.lrau.net has IPv6 address 2a02:d40:2:2::77
>>> [axels-macpro:~] axel% host 91.216.35.77
>>> 77.35.216.91.in-addr.arpa domain name pointer cp4.lrau.net.
>>> [axels-macpro:~] axel% host 2a02:d40:2:2::77
>>> 7.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.0.0.0.4.d.0.2.0.a.2.ip6.arpa 
>>> domain name pointercp4.lrau.net.
>>> [axels-macpro:~] axel% ping6 cp4
>>> PING6(56=40+8+8 bytes) 2a02:d40:2:10::121 --> 2a02:d40:2:2::77
>>> 16 bytes from 2a02:d40:2:2::77, icmp_seq=0 hlim=62 time=18.691 ms
>> 
>> I don't believe we have any such check.
>> 
>> What relevant configuration keys do you have set?
> 
> ---
>    <!-- Network host name [empty = system host name] -->
>    <key>ServerHostName</key>
>    <string>cp4.lrau.net</string> <!-- The hostname clients use when 
> connecting -->
> 
>    <!-- HTTP port [0 = disable HTTP] -->
>    <key>HTTPPort</key>
>    <integer>0</integer>
> 
>    <!-- SSL port [0 = disable HTTPS] -->
>    <!-- (Must also configure SSLCertificate and SSLPrivateKey below) -->
> 
>    <key>SSLPort</key>
>    <integer>8443</integer>
> 
>    <!-- Enable listening on SSL port(s) -->
>    <key>EnableSSL</key>
>    <true/>
> 
>    <key>SSLMethod</key>
>    <string>TLSv1_METHOD</string>
> 
>    <key>SSLCiphers</key>
>    <string>HIGH:MEDIUM</string>
> 
>    <!-- Redirect non-SSL ports to an SSL port (if configured for SSL) -->
>    <key>RedirectHTTPToHTTPS</key>
>    <false/>
> 
> 
>    <!--
>        Network address configuration information
> 
>        This configures the actual network address that the server binds to.
>      -->
> 
>    <!-- List of IP addresses to bind to [empty = all] -->
>    <key>BindAddresses</key>
>    <array>
>    <string>91.216.35.77</string>
>    <string>2a02:d40:2:2::77</string>
>    </array>
> 
>    <!-- List of port numbers to bind to for HTTP [empty = same as "Port"] -->
>    <key>BindHTTPPorts</key>
>    <array>
>    </array>
> 
>    <!-- List of port numbers to bind to for SSL [empty = same as "SSLPort"] 
> -->
>    <key>BindSSLPorts</key>
>    <array>
>    <integer>8443</integer>
>    </array>
> ---
> 
> Axel
> ---
> PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius
> 

_______________________________________________
calendarserver-dev mailing list
calendarserver-dev@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/calendarserver-dev

Reply via email to