[openssl-users] OPENSSL_USE_IPV6 -- bio_dgram, vs travis-ci

Richard Levitte levitte at openssl.org
Thu Feb 8 04:44:33 UTC 2018

In message <11282.1517852098 at obiwan.sandelman.ca> on Mon, 05 Feb 2018 12:34:58 -0500, Michael Richardson <mcr at sandelman.ca> said:

mcr> bio_dgram has a bunch of #if on: OPENSSL_USE_IPV6, and I thought that this
mcr> might be a common #ifdef, but actually it only occurs in that file.
mcr> I looked through Configurations, and I didn't see it at all.

I assume we're talking about OpenSSL 1.1.0 and newer.

It's defined to be 0 or 1 in include/internal/sockets.h, here are the
relevant lines:

    # if !defined(OPENSSL_USE_IPV6)
    #  if defined(AF_INET6)
    #   define OPENSSL_USE_IPV6 1
    #  else
    #   define OPENSSL_USE_IPV6 0
    #  endif
    # endif

You're right, though, that we're sloppy in using this...  and quite
frankly, I'd argue that OPENSSL_USE_IPV6 should be removed entirely,
as it's an artifact from longago, when IPv6 support wasn't the best.

mcr> Other usage is #ifdef AF_INET6, but IPv6 code is available, but I
mcr> want to build without it.

I'm not sure I understand why...  more below.

mcr> Fundamentally, I want to turn off IPv6 testing off on travis builds, because
mcr> travis has IPv6 turned off, see:
mcr>        https://github.com/travis-ci/travis-ci/issues/4964
mcr>        https://github.com/travis-ci/travis-ci/issues/3302
mcr> You can't even bind ::1 on travis.  I hate this jurassic stuff.

OK, so here's another possibility...  if you don't want to use IPv6,
then don't use it!  From an OpenSSL perspective, there are many
possibilities to get IPv4 only even if it's built to allow IPv6 as
well.  When creating a socket, regardless of if you use socket() or
BIO_socket(), you can use AF_UNSPEC, AF_INET or AF_INET6 at your
leasure.  When looking up an address with BIO_lookup_ex, you can
specify the address family the same way.  'openssl s_client' and
'openssl s_server' both take options -4 and -6 to say which address
family should be used.

Now, this ties back to your request on building.  Why should you
disable the building of IPv6 code, just because you don't want to use


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list