Your message dated Tue, 31 May 2016 08:35:08 +0200
with message-id <[email protected]>
and subject line Re: Bug#589520: openssl: IPv6-capable s_client and s_server
has caused the Debian Bug report #589520,
regarding s_client: Failure to connect to IPv6-only hosts
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
589520: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589520
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openssl
Severity: important
Tags: upstream ipv6
When trying to establish a secure connection using an IPv6-only host using
openssl s_client -connect ipv6-only.example.net:443
the only message you get is that OpenSSL s_client was unable to resolve that
hostname accompanied by a message that there was no error in the connection:
gethostbyname failure
connect:errno=0
This renders openssl s_client useless on IPv6-only networks. On hostnames
offering both IPv4 and IPv6 addresses OpenSSL silently ignores the IPv6 address
and connects to the IPv4 address in violation of RFCs stating the IPv6 should
be preferred.
IPv6 is around for a good 20 years now and yet not even the basics work
despite quite a few people sending patches on this matter:
https://bugs.debian.org/589520
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=openssl_s_client_s_server_with_ipv6.diff;att=1;bug=589520
Would be nice if our tools could be upgraded to something more recent than
the stone-aged versions we are distributing ATM.
Kind regards,
Benny Baumann
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (900, 'testing'), (800, 'stable'), (750, 'experimental'), (700,
'unstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.1.0~pre5-1
On 2016-04-26 19:52:26 [+0200], Uwe Kleine-König wrote:
> This seems to be fixed in OpenSSL 1.1.0-pre3 with commit
> ab69ac00f3c7 ("Refactoring BIO: Adapt s_client and s_server").
yup, and now in experimental.
> Thanks
> Uwe
Sebastian
--- End Message ---
