Skip to content

Comments

apps: Use the first detected address family if IPv6 is not available#16074

Closed
ueno wants to merge 1 commit intoopenssl:masterfrom
ueno:wip/dueno/s_socket
Closed

apps: Use the first detected address family if IPv6 is not available#16074
ueno wants to merge 1 commit intoopenssl:masterfrom
ueno:wip/dueno/s_socket

Conversation

@ueno
Copy link
Contributor

@ueno ueno commented Jul 14, 2021

This is a follow up of 15729be. Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.

After eee8a40, the do_server function
prefers the IPv6 address and fails on the BIO_socket call. This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.

The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface. However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.

Signed-off-by: Daiki Ueno [email protected]

Checklist
  • documentation is added or updated
  • tests are added or updated

@ueno
apps: Use the first detected address family if IPv6 is not available
70e5dd6 
This is a follow up of 15729be.  Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.

After eee8a40, the do_server function
prefers the IPv6 address and fails on the BIO_socket call.  This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.

The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface.  However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.

Signed-off-by: Daiki Ueno <[email protected]>
@ueno ueno force-pushed the wip/dueno/s_socket branch from 53adbc2 to 70e5dd6 Compare July 14, 2021 10:41
@t8m
Copy link
Member

t8m commented Jul 14, 2021

Please also open PR against 1.1.1 unless this one can be cherry-picked cleanly.

@t8m t8m added approval: review pending This pull request needs review by a committer branch: master Applies to master branch triaged: bug The issue/pr is/fixes a bug labels Jul 14, 2021
@t8m t8m added this to the 3.0.0 milestone Jul 14, 2021
@t8m t8m added the branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) label Jul 14, 2021
@ueno ueno mentioned this pull request Jul 14, 2021
Closed
@slontis slontis removed the branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) label Jul 15, 2021
@paulidale paulidale added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Jul 15, 2021
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Jul 16, 2021
@openssl-machine
Copy link
Collaborator

openssl-machine commented Jul 16, 2021

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Jul 16, 2021
@ueno @t8m
apps: Use the first detected address family if IPv6 is not available
09c1db3 
This is a follow up of 15729be.  Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.

After eee8a40, the do_server function
prefers the IPv6 address and fails on the BIO_socket call.  This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.

The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface.  However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.

Signed-off-by: Daiki Ueno <[email protected]>

Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from #16074)
@t8m
Copy link
Member

t8m commented Jul 16, 2021

Merged to master. Thank you for your contribution.

@t8m t8m closed this Jul 16, 2021
@sthagen sthagen mentioned this pull request Jul 16, 2021
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@t8m t8m t8m approved these changes

@paulidale paulidale paulidale approved these changes

Assignees

No one assigned

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Applies to master branch triaged: bug The issue/pr is/fixes a bug

Projects

None yet

Milestone

3.0.0

Development

Successfully merging this pull request may close these issues.

5 participants

@ueno @t8m @openssl-machine @paulidale @slontis