Skip to content

Comments

apps: Use the first detected address family if IPv6 is not available [1.1.1]#16078

Closed
ueno wants to merge 1 commit intoopenssl:OpenSSL_1_1_1-stablefrom
ueno:wip/dueno/s_socket-1.1.1
Closed

apps: Use the first detected address family if IPv6 is not available [1.1.1]#16078
ueno wants to merge 1 commit intoopenssl:OpenSSL_1_1_1-stablefrom
ueno:wip/dueno/s_socket-1.1.1

Conversation

@ueno
Copy link
Contributor

@ueno ueno commented Jul 14, 2021

Backport of #16074 to the 1.1.1 branch.

@ueno
apps: Use the first detected address family if IPv6 is not available
1cc8719 
This is a follow up of 15729be.  Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.

After eee8a40, the do_server function
prefers the IPv6 address and fails on the BIO_socket call.  This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.

The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface.  However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.

Signed-off-by: Daiki Ueno <[email protected]>
@t8m t8m added approval: review pending This pull request needs review by a committer branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) triaged: bug The issue/pr is/fixes a bug labels Jul 14, 2021
@paulidale paulidale added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Jul 15, 2021
@openssl-machine openssl-machine removed the approval: done This pull request has the required number of approvals label Jul 16, 2021
@openssl-machine
Copy link
Collaborator

openssl-machine commented Jul 16, 2021

This pull request is ready to merge

@openssl-machine openssl-machine added the approval: ready to merge The 24 hour grace period has passed, ready to merge label Jul 16, 2021
openssl-machine pushed a commit that referenced this pull request Jul 16, 2021
@ueno
apps: Use the first detected address family if IPv6 is not available
657f3d0 
This is a follow up of 15729be.  Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.

After eee8a40, the do_server function
prefers the IPv6 address and fails on the BIO_socket call.  This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.

The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface.  However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.

Signed-off-by: Daiki Ueno <[email protected]>

Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from #16078)
@t8m
Copy link
Member

t8m commented Jul 16, 2021

Merged to 1.1.1 branch. Thank you for the contribution.

@t8m t8m closed this Jul 16, 2021
dstebila added a commit to open-quantum-safe/openssl that referenced this pull request Aug 26, 2021
@dstebila @mattcaswell
@NanXiao @t8m @sebastianas @richsalz @levitte @ischwarze @devnexen @DDvO @oleavr @anupamam13 @bbbrumley @tmshort @beldmit @tim-hitchins-ekkosense @mspncp @arminfuerst @bernd-edlinger @jay @kaduk @bsdjhb @zjd87 @jwalch @mszabo @romen @mamapanda @paulidale @dongbeiouba @yursha @mohd-akram @dcoombs @niclasr @slontis @tomato42 @iguessthislldo @bonniegong @botovq @tiran @jpboivin @p-steuer @goodpaperman @larsimmisch-adobe @luyahan @davidben @ueno @ifranzki
Update to OpenSSL 1.1.1l (#330