Hello,

attached please find a patch that makes it possible to use IPv6
addresses with openssl's s_client and s_server. The patch is against
openssl-0.9.8b as found in the Fedora Core Rawhide
openssl-0.9.8b-3.src.rpm package.

Without this patch, using IPv6-only hostname fails with

$ openssl s_client -connect 'ipv6hostname:443'
gethostbyname failure
connect:errno=0

and using IPv6 address fails with

$ openssl s_client -connect '[::FFFF:195.30.6.166]:https'
getservbyname failure for :FFFF:195.30.6.166]:https
usage: s_client args

With this patch, the command line parameters are correctly processed
and used, for hostnames, IPv6 addresses and IPv4 mapped addresses,
using a bracket notation:

$ openssl s_client -connect '[::FFFF:195.30.6.166]:https'
CONNECTED(00000003)
depth=0 /ST=The Internet/O=The OpenSSL Project/CN=www.openssl.org/emailAddress=openssl-team@openssl.org
[...]

The Red Hat maintainer of the openssl package (Cc is ready to apply
the patch for the next Fedora Core, which would give the IPv6 feature
to people who do not want to compile and patch their software. But we
wanted to make sure that such a change will be seen as a correct thing
to do by the OpenSSL Team.

Therefore, I'd welcome your opinion about the patch and a possibility
of it being applied to the core openssl source.

Yours,

--
Jan Pazdziora

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org