openssl ocsp(responder) cmd is giving error for ipv6
Michael Wojcik
Michael.Wojcik at microfocus.com
Tue Nov 3 15:09:10 UTC 2020
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of perumal v
> Sent: Monday, 2 November, 2020 07:57
> I tried openssl ocsp for ipv6 and got the error message for the OCSP.
> openssl ocsp -url http://[2001:DB8:64:FF9B:0:0:A0A:285E]:8090/ocsp-100/ -issuer ...
> Error creating connect BIO
> 140416130504448:error:20088081:BIO routines:BIO_parse_hostserv:ambiguous host or
> service:crypto/bio/b_addr.c:547:
A quick look at the code suggests this is a bug in OpenSSL. OCSP_parse_url removes the square brackets from a literal IPv6 address in the URL, but BIO_parse_hostserv requires they be present. But I didn't look closely, so I'm not entirely sure that's the issue.
> IPv6 address without the "[]" bracket.
The square brackets are required by the URL specification. There's no point testing without them.
--
Michael Wojcik
More information about the openssl-users
mailing list