Debian Bug report logs - #589520
openssl: IPv6-capable s_client and s_server

version graph

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: Mats Erik Andersson <mats.andersson@gisladisker.se>

Date: Sun, 18 Jul 2010 12:51:02 UTC

Severity: wishlist

Tags: ipv6, patch

Found in versions openssl/0.9.8o-1, openssl/1.0.1e-2

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#589520; Package openssl. (Sun, 18 Jul 2010 12:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mats Erik Andersson <mats.andersson@gisladisker.se>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Sun, 18 Jul 2010 12:51:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Mats Erik Andersson <mats.andersson@gisladisker.se>
To: submit@bugs.debian.org
Subject: openssl: IPv6-capable s_client and s_server
Date: Sun, 18 Jul 2010 14:45:23 +0200
[Message part 1 (text/plain, inline)]
Package: openssl
Version: 0.9.8o-1
Severity: wishlist
Tags: ipv6 patch

May I propose that the two applications "s_client" and "s_server"
be made IPv6-capable. I supply a patch that accomplishes this.

The resulting software has been tested with invokations like

   ./apps/openssl s_client -connect ipv6.google.com:https

   ./apps/openssl s_client -connect 2a00:1450:8003::6a:443

and

   ./apps/openssl s_server -cert path/server.pem -www -accept https -4

   ./apps/openssl s_server -cert path/server.pem -www -accept https -6

to full satisfaction.

OpenBSD has for some years patched "s_client" to be IPv6-capable,
but FreeBSD has not done so. Neither of them have touched "s_server".

Keeping in mind that upstream expressedly states "s_client" and "s_server"
to be testing tools, very seldomly touched upon, I see some merit in expanding
them to be fit for IPv6, even though only for Debian GNU/Linux. Clearly,
"certtool/gnutls-bin" offer these testing tools already, but I imagine many
network administrators or developers that are more used to fall back on OpenSSL
for testing.

An incorporation of the present suggestion would comply to the release goal
for Squeeze of improving IPv6 support.

An argument against this wishlist bug, would be that Debian tries to fiddle
as little as possible with non-dormant upstream source code.


Best regards,

Mats Erik Andersson, fil. dr
2459 41E9 C420 3F6D F68B  2E88 F768 4541 F25B 5D41

Abonnerar på: debian-mentors, debian-devel-games, debian-perl,
              debian-ipv6, debian-qa
[openssl_s_client_s_server_with_ipv6.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#589520; Package openssl. (Sun, 23 Jan 2011 03:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Witold Baryluk" <baryluk@smp.if.uj.edu.pl>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Sun, 23 Jan 2011 03:15:03 GMT) Full text and rfc822 format available.

Message #10 received at 589520@bugs.debian.org (full text, mbox):

From: "Witold Baryluk" <baryluk@smp.if.uj.edu.pl>
To: 589520@bugs.debian.org
Subject: ipv6 support in s_client
Date: Sun, 23 Jan 2011 04:05:29 +0100
[Message part 1 (text/plain, inline)]
Hi,
i was going to ask for this, but I see somebody already was thinking about this problem.

I reviewied patch, it is quite trivial (and actually solves other possible problems),
but have few suggestions.

numerical IPv6 in -host should be IMHO given in squere brackets.

openssl s_client -connect '[2a00:1450:8003::6a]:443"

This both makes it less ambigious (one could for example be incident
write 
openssl s_client -connect 2a00:1450:8003::52:62

THinking that port 443 is a default. THis will make s_client fail to connect
(for 3 reasons: bad IPv6 address, bad port, and evenntually bad certificate).

In -host option, IMHO it should be possible to write both using syntaxes:
openssl s_client -host 2a00:1450:8003::6a -port 443
openssl s_client -host "[2a00:1450:8003::6a]" -port 443

But first (without square brackets) would suffice,
and will be more consitant with other tools.



I also think man page should be changed from

+
+Use only IPv4 addresses when resolving the host name.
+
+=item B<-6>
+
+Use only IPv6 addresses when resolving the host name.


to

+
+Forces ssh to use IPv4 addresses only.
+
+=item B<-6>
+
+Forces ssh to use IPv6 addresses only.


(actually copied from ssh manual page).

This is becuase RESOLVING can still involve IPv6 (depends on your resolv.conf,
and your upstream DNS servers). -4/-6 option changes which of the DNS records to use for CONNECTING.


Thanks.

-- 
Witold Baryluk
JID: witold.baryluk // jabster.pl
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#589520; Package openssl. (Thu, 24 Oct 2013 08:48:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Olaf Zaplinski <olaf@zaplinski.de>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Thu, 24 Oct 2013 08:48:10 GMT) Full text and rfc822 format available.

Message #15 received at 589520@bugs.debian.org (full text, mbox):

From: Olaf Zaplinski <olaf@zaplinski.de>
To: Debian Bug Tracking System <589520@bugs.debian.org>
Subject: Re: openssl: IPv6-capable s_client and s_server
Date: Thu, 24 Oct 2013 10:38:36 +0200
Package: openssl
Version: 1.0.1e-2
Followup-For: Bug #589520

Dear Maintainer,

any news about IPv6 support?
FYI: on FreeBSD 9.2 it is the same.


-- System Information:
Debian Release: 7.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.13-38
ii  libssl1.0.0  1.0.1e-2
ii  zlib1g       1:1.2.7.dfsg-13

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119

-- no debconf information



Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 12:12:09 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.