dimosthenis.pet...@nsn.com wrote:
> Full_Name: Dimosthenis Pettas
> Version: 2.4.23
> OS: SOLARIS
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (62.159.77.167)

Thanks for the report, fixed in git master.

>
> I use OpenLDAP version 2.4.23 client to connect via TLS to an LDAP
> server (slapd).
> I initialize the connection with an IPV6 address using url
> ldap://[fd00:1111:1111:72:20c:29ff:fec5:4ade]:389 and then try to extend the
> connection to TLS by calling ldap_start_tls_s. When trying to match
> client-server certificate hosts inside tlso_session_chkhost in tls_o.c we try
> to determine the client host type (IS_DNS, IS_IP4, IS_IP6), but for IPV6 it
> expects to find "[" at the first position and "]" at the last one to determine
> an IPV6 address:
>
> #ifdef LDAP_PF_INET6
> 	if (name[0] == '[' && strchr(name, ']')) {
> 		char *n2 = ldap_strdup(name+1);
> 		*strchr(n2, ']') = 0;
> 		if (inet_pton(AF_INET6, n2, &addr))
> 			ntype = IS_IP6;
> 		LDAP_FREE(n2);
> 	} else
>
> but it seems that the [] have been removed inside ldap_url_parse_ext in Url.c:
>
>
> 	/* If [ip address]:port syntax, url is [ip and we skip the [ */
> 	ludp->lud_host = LDAP_STRDUP( url + is_v6 );
>
> So name is not [fd00:1111:1111:72:20c:29ff:fec5:4ade] but
> fd00:1111:1111:72:20c:29ff:fec5:4ade and the code above fails to determine
> ntype = IS_IP6.
>
> I modified the code to:
>
> #ifdef LDAP_PF_INET6
>
> 	if (inet_pton(AF_INET6, name, &addr))
> 	{
> 		ntype = IS_IP6;
>
> 	} else
> #endif
> 	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
> 		if (inet_aton(name, (struct in_addr *)&addr))
> 		{
> 			ntype = IS_IP4;
>
> 		}
> 	}
>
> letting the functions inet_pton and inet_aton determine the IP type. The
> scenario worked.
> Let me know if I miss anything or this should be corrected.
>
> Sorry for submitting again, I wanted to correct the email address.
>
>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
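An added example, not part of the original message and not OpenLDAP's code: a stand-alone C sketch of the host-type classification step described in the report, comparing the bracket-dependent check with one that lets inet_pton decide. The function names classify_bracketed and classify_literal, the use of inet_pton(AF_INET) in place of inet_aton, and every sample host other than the reported address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum ntype { IS_DNS, IS_IP4, IS_IP6 };

/* Follows the quoted check: IPv6 is recognised only in "[addr]" form.
 * Assumption: inet_pton(AF_INET) stands in for the inet_aton call. */
static enum ntype classify_bracketed(const char *name)
{
    unsigned char addr[sizeof(struct in6_addr)];
    const char *ptr;

    if (name[0] == '[' && strchr(name, ']')) {
        char n2[INET6_ADDRSTRLEN];
        size_t len = strcspn(name + 1, "]");
        if (len >= sizeof n2) return IS_DNS;
        memcpy(n2, name + 1, len);
        n2[len] = '\0';
        return inet_pton(AF_INET6, n2, addr) == 1 ? IS_IP6 : IS_DNS;
    }
    if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1]) &&
        inet_pton(AF_INET, name, addr) == 1)
        return IS_IP4;
    return IS_DNS;
}

/* Follows the idea of the reporter's change: no brackets required.
 * "== 1" because inet_pton returns 0 for a malformed literal and -1 for
 * an unsupported family, and -1 is truthy in a bare if (). */
static enum ntype classify_literal(const char *name)
{
    unsigned char addr[sizeof(struct in6_addr)];

    if (inet_pton(AF_INET6, name, addr) == 1) return IS_IP6;
    if (inet_pton(AF_INET, name, addr) == 1) return IS_IP4;
    return IS_DNS;
}

int main(void)
{
    /* Constructed host strings, except the address taken from the report. */
    const char *hosts[] = { "fd00:1111:1111:72:20c:29ff:fec5:4ade",
                            "[fd00:1111:1111:72:20c:29ff:fec5:4ade]",
                            "192.0.2.10", "ldap.example.com" };
    static const char *label[] = { "IS_DNS", "IS_IP4", "IS_IP6" };

    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-40s bracketed=%s literal=%s\n", hosts[i],
               label[classify_bracketed(hosts[i])],
               label[classify_literal(hosts[i])]);
    return 0;
}
```

With the brackets already stripped by URL parsing, the bracket-dependent check reports the IPv6 literal as IS_DNS, which is the mismatch the report describes.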