On Apr 10, 2013, at 1:19 PM, Balakumaran Kannan wrote:
>
> On Tue, Apr 9, 2013 at 10:13 PM, Mike Frysinger via RT <[email protected]>
> wrote:
> i've improved the original patch to make the -4/-6 behavior consistent across
> the tools. i also tweaked the behavior slightly to make it run correctly
> (imo).
> -mike
>
>
> I tried your patch it works well. Thank you very much for this work.
>
> I thought of doing some changes in the patch.
>
> 1. Leaving openssl binary as it is.
> Run openssl in IPv4 mode if not specified explicitly.
> If IPv6 support is needed, user should use '-6' option.
>
> 2. Use IPv6 hosts inside square brackets ( [] )
> Because IPv6 addresses use ':' to separate their segments, ':' cannot also
> be used as the separator between host and port. If the user forgets to give
> a port with the '-connect' option, the last segment of the IPv6 address
> would be taken as the port. This is not desired.
> So it will be better to use square brackets( [] ) to surround IPv6 hosts.
>
> I made an incremental patch after applying your patch to openssl-1.0.1e.
> Please let me know your idea over this.
>
> And still I'm working on this patch to verify its functionality. So please
> let me know if you modify anything regards this.
>
> Thank you.
The main point is whether the OpenSSL maintainers are interested in IPv6
support or not.
If they are, the patch can be optimized in whatever way they want. If they are
not, the patch goes nowhere, so optimizing it doesn't make much sense...
Best regards
Michael
>
> Regards,
> Bala
>
> ---
> diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur
> openssl-1.0.1e.mike/apps/s_apps.h openssl-1.0.1e/apps/s_apps.h
> --- openssl-1.0.1e.mike/apps/s_apps.h 2013-04-10 14:17:59.000000000 +0530
> +++ openssl-1.0.1e/apps/s_apps.h 2013-04-10 14:59:57.000000000 +0530
> @@ -159,7 +159,8 @@
> int init_client(int *sock, char *server, int port, int type, int use_ipv4,
> int use_ipv6);
> int should_retry(int i);
> int extract_port(char *str, short *port_ptr);
> -int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
> +int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p,
> + int use_ipv4, int use_ipv6);
>
> long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
> int argi, long argl, long ret);
> diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur
> openssl-1.0.1e.mike/apps/s_client.c openssl-1.0.1e/apps/s_client.c
> --- openssl-1.0.1e.mike/apps/s_client.c 2013-04-10 14:17:59.000000000 +0530
> +++ openssl-1.0.1e/apps/s_client.c 2013-04-10 16:35:13.000000000 +0530
> @@ -637,12 +637,10 @@
>
> meth=SSLv23_client_method();
>
> + /* By default use IPv4 */
> use_ipv4 = 1;
> -#if OPENSSL_USE_IPV6
> - use_ipv6 = 1;
> -#else
> use_ipv6 = 0;
> -#endif
> +
> apps_startup();
> c_Pause=0;
> c_quiet=0;
> @@ -673,6 +671,17 @@
>
> argc--;
> argv++;
> +
> + /* Determine what to be used? IPv4 or IPv6 */
> +#if OPENSSL_USE_IPV6
> + for (i = 0; i < argc; i++) {
> + if (!strcmp(argv[i], "-6")) {
> + use_ipv4 = 0;
> + use_ipv6 = 1;
> + }
> + }
> +#endif /* OPENSSL_USE_IPV6 */
> +
> while (argc >= 1)
> {
> if (strcmp(*argv,"-host") == 0)
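Review bot: The pre-scan loop matches any argv element equal to `-6`, including one that is really the value of another option, and it never looks at `-4`, so a command line carrying both flags is resolved by code outside this hunk. Because the `-connect` parsing further down now depends on `use_ipv6` already being set, that ordering requirement deserves a comment, for example `/* -connect is parsed differently for IPv6, so -6 must be known before the main option loop */`. Handling `-4` in the same loop (`else if (!strcmp(argv[i], "-4")) { use_ipv4 = 1; use_ipv6 = 0; }`) would make the last flag win; this assumes `-4` exists as an option in the base patch, which is not visible here. The enclosing function starts and ends outside the hunk.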
> @@ -689,7 +698,8 @@
> else if (strcmp(*argv,"-connect") == 0)
> {
> if (--argc < 1) goto bad;
> - if (!extract_host_port(*(++argv),&host,NULL,&port))
> + if (!extract_host_port(*(++argv),&host,NULL,&port, use_ipv4,
> + use_ipv6))
> goto bad;
> }
> else if (strcmp(*argv,"-verify") == 0)
> diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur
> openssl-1.0.1e.mike/apps/s_server.c openssl-1.0.1e/apps/s_server.c
> --- openssl-1.0.1e.mike/apps/s_server.c 2013-04-10 14:17:59.000000000 +0530
> +++ openssl-1.0.1e/apps/s_server.c 2013-04-10 15:06:32.000000000 +0530
> @@ -980,12 +980,9 @@
> #endif
> meth=SSLv23_server_method();
>
> + /* By default use IPv4 */
> use_ipv4 = 1;
> -#if OPENSSL_USE_IPV6
> - use_ipv6 = 1;
> -#else
> use_ipv6 = 0;
> -#endif
> local_argc=argc;
> local_argv=argv;
>
> diff -x '*.out' -x '*tags' -x '*.pem' -x '*.0' -ur
> openssl-1.0.1e.mike/apps/s_socket.c openssl-1.0.1e/apps/s_socket.c
> --- openssl-1.0.1e.mike/apps/s_socket.c 2013-04-10 14:17:59.000000000 +0530
> +++ openssl-1.0.1e/apps/s_socket.c 2013-04-10 16:38:11.000000000 +0530
> @@ -572,12 +572,31 @@
> }
>
> int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
> - short *port_ptr)
> + short *port_ptr, int use_ipv4, int use_ipv6)
> {
> char *h,*p;
> + int domain;
>
> h=str;
> - p=strrchr(str,':');
> + if (use_ipv4) {
> + domain = AF_INET;
> + p=strrchr(str,':');
> + }
> +#if OPENSSL_USE_IPV6
> + else if (use_ipv6) {
> + domain = AF_INET6;
> + str++;
> + h = strchr(str, ']');
> + if (h) {
> + p = strchr(h, ':');
> + *h = '\0';
> + }
> + h = str;
> + }
> +#endif /* OPENSSL_USE_IPV6 */
> + else
> + goto err;
> +
> if (p == NULL)
> {
> BIO_printf(bio_err,"no port defined\n");
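Review bot: In the `use_ipv6` branch `p` is assigned only when `strchr(str, ']')` finds a bracket, so input without `]` reaches `if (p == NULL)` with an indeterminate pointer, and the next hunk then writes through it at `*(p++)='\0'`. The unconditional `str++` also discards the first character without checking that it is `[`, so a plain `host:port` given together with `-6` is silently mangled instead of rejected. Initialise the pointer and validate the bracket: `char *h,*p=NULL;` in the declaration and `if (*str != '[') goto err;` before `str++`. Keying the bracket syntax on a leading `[` in the string rather than on the flag would also make `[addr]:port` parse the same way regardless of which options are present. The body of extract_host_port continues past the end of this hunk.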
> @@ -585,12 +604,13 @@
> }
> *(p++)='\0';
>
> - if ((ip != NULL) && !host_ip(str,ip,AF_INET))
> + if ((ip != NULL) && !host_ip(str,ip,domain))
> goto err;
> if (host_ptr != NULL) *host_ptr=h;
>
> if (!extract_port(p,port_ptr))
> goto err;
> +
> return(1);
> err:
> return(0);
>