[fossil-dev] IPv6 "2.0.1.187" bug with HTTPS sync

Fri, 02 Feb 2018 04:29:28 -0800 

I think I’ve solved the “2.0.1.187” issue.  For reference, here’s the symptom:

    $ fossil up
    Autosync:  https://fossil-scm.org
    Round-trips: 3   Artifacts sent: 0  received: 2
    Pull done, sent: 1326  received: 3599  ip: 2.0.1.187

According to another post on this topic, “2.0.1.187” is some part of the IPv6 
header where it overlaps with the destination IP part of the IPv4 header.  My 
guess is that we’re seeing a sockaddr_in6 being incorrectly cast to sockaddr_in.

Then I had an insight: Fossil allows use of an in-tree version of OpenSSL.  On 
putting OpenSSL 1.0.2n in compat/openssl and building it with the default 
options, the symptom goes away.

…Provided you set SSL_CERT_DIR properly for your platform.  For the Raspbian 
Stretch box I’m testing this on, that is:

    export SSL_CERT_DIR=/etc/ssl/certs

I’ve tried to figure out how to avoid setting that, but my skimming of the 
OpenSSL docs, FAQ, and even source doesn’t clue me in, nor do the obvious web 
searches.

Why doesn’t the OpenSSL config script see that I have a local cert directory 
already and use that, and how can I clue it into its location at build time so 
I don’t need the environment variable?

Annnnnyway, to get back to the issue, I then queried dpkg for the platform 
version of OpenSSL, then went diving into the OpenSSL ChangeLog, looking at 
entries made since the 1.1.0f version Raspbian is currently shipping, where I 
found this:

  *) Rewrite of BIO networking library. The BIO library lacked consistent
     support of IPv6, and adding it required some more extensive
     modifications.  This introduces the BIO_ADDR and BIO_ADDRINFO types,
     which hold all types of addresses and chains of address information.
     It also introduces a new API, with functions like BIO_socket,
     BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
     The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
     have been adapted accordingly.
     [Richard Levitte]

So, bottom line, it’s a platform bug, for which Fossil has a reasonable 
workaround.
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev

Reply via email to