[openssl] OpenSSL_1_1_1-stable update

tomas at openssl.org
Fri Jul 16 06:59:54 UTC 2021

The branch OpenSSL_1_1_1-stable has been updated
       via  657f3d030fce41600d3b9f8daf4cb98c8dc4ec3e (commit)
      from  b46a26b3ade22be5ba4c39bf89c66f17d7900944 (commit)

- Log -----------------------------------------------------------------
commit 657f3d030fce41600d3b9f8daf4cb98c8dc4ec3e
Author: Daiki Ueno <dueno at redhat.com>
Date:   Wed Jul 14 11:15:34 2021 +0200

    apps: Use the first detected address family if IPv6 is not available

    This is a follow up of 15729bef385211bc2a0497e2d53a45c45d677d2c.  Even
    when the host does not support IPv6 at all, BIO_lookup_ex may now
    return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
    the ai_next field.

    After eee8a40aa5e06841eed6fa8eb4f6109238d59aea, the do_server function
    prefers the IPv6 address and fails on the BIO_socket call.  This adds
    fallback code to retry with the IPv4 address returned as the first
    element to avoid the error.

    The failure had been partially avoided in the previous code with
    AI_ADDRCONFIG, because getaddrinfo returns only an IPv4 address if no
    IPv6 address is associated with an external interface.  However, it would
    still be a problem if the external interface has an IPv6 address
    assigned, while the loopback interface doesn't.

    Signed-off-by: Daiki Ueno <dueno at redhat.com>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16078)


Summary of changes:
 apps/s_socket.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apps/s_socket.c b/apps/s_socket.c
index 76f9289002..f16de24145 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -214,6 +214,8 @@ int do_server(int *accept_sock, const char *host, const char *port,
     const BIO_ADDRINFO *next;
     int sock_family, sock_type, sock_protocol, sock_port;
     const BIO_ADDR *sock_address;
+    int sock_family_fallback = AF_UNSPEC;
+    const BIO_ADDR *sock_address_fallback = NULL;
     int sock_options = BIO_SOCK_REUSEADDR;
     int ret = 0;
@@ -244,6 +246,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
             && BIO_ADDRINFO_protocol(next) == sock_protocol) {
         if (sock_family == AF_INET
                 && BIO_ADDRINFO_family(next) == AF_INET6) {
+            /* In case AF_INET6 is returned but not supported by the
+             * kernel, retry with the first detected address family */
+            sock_family_fallback = sock_family;
+            sock_address_fallback = sock_address;
             sock_family = AF_INET6;
             sock_address = BIO_ADDRINFO_address(next);
         } else if (sock_family == AF_INET6
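
Review bot: the two-line comment added in the `sock_family == AF_INET` branch starts its text on the same line as `/*`, while the usual OpenSSL style for multi-line comments puts `/*` on a line of its own. It would also help to say in that comment that the saved pair is only consumed when the later BIO_socket call fails, since the variables are read in a different block from where they are set.
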
@@ -253,6 +259,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
     asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
+    if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) {
+        asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0);
+        sock_address = sock_address_fallback;
+    }
     if (asock == INVALID_SOCKET
         || !BIO_listen(asock, sock_address, sock_options)) {
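
Review bot: the retry under `asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC` runs for every BIO_socket failure, not only for an unsupported address family, so an unrelated failure on the IPv6 attempt is silently retried on IPv4 and the server ends up listening on a different family than it selected, with no message to the operator. Consider restricting the retry to the unsupported-family case, or printing a diagnostic when the fallback is taken. Two smaller points: `sock_address = sock_address_fallback;` is assigned even when the second BIO_socket also fails (harmless because the following check short-circuits, but clearer inside a success check), and the fallback covers only socket creation, so a host where the AF_INET6 socket can be created but `BIO_listen` fails on the IPv6 address still takes the error path.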
