openssl ocsp(responder) cmd is giving error for ipv6
perumal v
sanperumalv at gmail.com
Wed Nov 4 09:13:21 UTC 2020
HI,
it started working after modification in OCSP_parse_url
change is *highlighted* below and basically keeping [] brackets
for ipv6 :
OCSP_parse_url
p = host;
if (host[0] == '[') {
/* ipv6 literal */
*// host++; *
p = strchr(host, ']');
if (!p)
goto parse_err;
* // *p = '\0';*
p++;
}
Is this the correct way to do so?
Thanks for your help Michael.
Thanks
Perumal
On Tue, Nov 3, 2020 at 8:40 PM Michael Wojcik <Michael.Wojcik at microfocus.com>
wrote:
> > From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of
> perumal v
> > Sent: Monday, 2 November, 2020 07:57
>
> > I tried openssl ocsp for ipv6 and got the error message for the OCSP.
>
> > openssl ocsp -url http://[2001:DB8:64:FF9B:0:0:A0A:285E]:8090/ocsp-100/
> -issuer ...
> > Error creating connect BIO
> > 140416130504448:error:20088081:BIO routines:BIO_parse_hostserv:ambiguous
> host or
> > service:crypto/bio/b_addr.c:547:
>
> A quick look at the code suggests this is a bug in OpenSSL. OCSP_parse_url
> removes the square brackets from a literal IPv6 address in the URL, but
> BIO_parse_hostserv requires they be present. But I didn't look closely, so
> I'm not entirely sure that's the issue.
>
> > IPv6 address without the "[]" bracket.
>
> The square brackets are required by the URL specification. There's no
> point testing without them.
>
> --
> Michael Wojcik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201104/d6037d04/attachment-0001.html>
More information about the openssl-users
mailing list