openssl ocsp(responder) cmd is giving error for ipv6

Michael Wojcik Michael.Wojcik at
Tue Nov 3 15:09:10 UTC 2020

> From: openssl-users <openssl-users-bounces at> On Behalf Of perumal v
> Sent: Monday, 2 November, 2020 07:57

> I tried openssl ocsp for ipv6 and got the error message for the OCSP.

> openssl ocsp -url http://[2001:DB8:64:FF9B:0:0:A0A:285E]:8090/ocsp-100/ -issuer ...
> Error creating connect BIO
> 140416130504448:error:20088081:BIO routines:BIO_parse_hostserv:ambiguous host or
> service:crypto/bio/b_addr.c:547:

A quick look at the code suggests this is a bug in OpenSSL. OCSP_parse_url removes the square brackets from a literal IPv6 address in the URL, but BIO_parse_hostserv requires they be present. But I didn't look closely, so I'm not entirely sure that's the issue.

> IPv6 address without the "[]" bracket.

The square brackets are required by the URL specification. There's no point testing without them.

Michael Wojcik

More information about the openssl-users mailing list