[openssl-users] IPv6 and OpenSSL at the BIO level -- should it work?

mclellan, dave dave.mclellan at emc.com
Thu Jan 29 15:09:30 UTC 2015

I have a colleague who is using OpenSSL 1.0.1j and BIOs to connect to servers.   Given the requirement that his software must now connect to IPv6 addresses, still using the BIO interface, is it supposed to work?      That is, can a BIO caller pass a string hostname:port like this "[2620:0:170:28a1::1003]:443" to BIO and have it work?

I see a reference to Patch #1365 which deals with openssl s_client and doing left-side truncation of an IPv6 address specified in the -connect option.   The discussion of this patch is http://rt.openssl.org/Ticket/Display.html?id=1365&user=guest&pass=guest but it looks like it's a patch for the application, not the BIO.   In fact in the plain build of 1.0.1j I have with OPENSSL_USE_IPV6 specified, still has this left-side truncation issue (I see code in crypto/apps/s_socket.c:extract_host_port() which simply looks for a colon and takes what's on the right side for the port, assuming the left side is a dotted decimal IPv4 address.

I have already suggested to this colleague that the issue with IPv6 is name and address resolution, not socket I/O.   If he handles the name resolution himself, creates a socket with the right address family and sockaddr format, and then uses the right BIO calls, it should work.   We do our own name/address handling and don't use BIO in my application so I have never studied how to do it there.

Thanks for your advice


Dave McLellan, Enterprise Storage Software Engineering, EMC Corporation, 176 South St.
Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749
Office:    508-249-1257, FAX: 508-497-8027, Mobile:   978-500-2546, dave.mclellan at emc.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150129/79cf0a7e/attachment-0001.html>

More information about the openssl-users mailing list