Repo-included IPv6 Patch Doesn't Work?

[teward]

I just cloned @PeterMosmans 's OpenSSL fork, and applied your patch for OpenSSL. It seems to work fine when patching, but in reality, it returns the 'gethostbyname' resolution failure that is being observed by others in IPv6 handling. The system environment I"m on is Ubuntu 14.04 x86_64.

I tend to roll @PeterMosman's fork myself, because I'm pretty thorough and like to make sure the libraries built against match the version of the ones on my system, hence this message.

Does any modification need to be done to your patch to make it work? Your binaries which are compiled and tarballed onto testssl.sh's website work fine, but the patch on its own doesn't appear to work, even when adding in the necessary configure flags and your patch...

(If you need to reach me outside of the Issues system here, please let me know, and we can discuss this further if need be...)

[drwetter]

Am 05/30/2016 um 08:23 PM schrieb Thomas Ward:

I just cloned @PeterMosmans https://github.com/PeterMosmans 's OpenSSL fork, and applied your
patch for OpenSSL. It seems to work fine when patching, but in reality, it returns the
'gethostbyname' resolution failure that is being observed by others in IPv6 handling. The
system environment I"m on is Ubuntu 14.04 x86_64.

I tend to roll @PeterMosman's fork myself, because I'm pretty thorough and like to make sure
the libraries built against match the version of the openssl binaries I'm using in this case,
hence this message.

Does any modification need to be done to your patch to make it work? Your binaries which are
compiled and tarballed onto testssl.sh's website work fine, but the patch on its own doesn't
appear to work, even when adding in the necessary configure flags and your patch...ed

My patch (published): could be that it's out of date, need to check. If I recall correctyl I
had once
a newer version which from Fedora (which again needed to be patched so that it compiles). I
merged the
changes from Peter to this branch. That's how my IPv6 snapshot of Peter's fork @ #362 was created.

If you diff the forks it should basiaclly tell you the changes.

I know this is not the way it should be. I'll fix that.

Dirk

Set from my mobile. Excuse my brevity&typos

[PeterMosmans]

Adding support for IPv6 is still in the works on the 1.0.2-chacha fork. However, as that's not multi-platform it's not an easy task (lots of conditional IFDEFs for different OS'es. Do know though that it's not forgotten... 😉

@teward: "I'm pretty thorough and like to make sure the libraries built against match the version of the ones on my system," ⬅️ 👍

[teward]

@PeterMosmans Indeed. Given though that the instructions here at Dirk's README under the bin folder states to include the patch that's shipped here, if the patch is old then the instructions are old. It's definitely one of those crazy conditionals issues to make it work everywhere, but with regards to this specific issue, I was simply pointing at the differing results from the README instructions and the binaries already done.

My test system doesn't have IPv6 now, because I keep making my internal network IPv6 configurations wrong, so I gave up for now, but I was testing from one of my IPv6-enabled servers to test if the other reported IPv6 issues was related to the patch. But, it works fine with the binaries on testssl.sh, so I'll borrow those for a while.

---

Thomas

[drwetter]

Am 31. Mai 2016 02:04:03 MESZ, schrieb Thomas Ward [email protected]:

But, it works fine with
the binaries on testssl.sh, so I'll borrow those for a while.

Until I did my home work and for the time being you can clone the snapshot of my fork in #362 if this makes you feel more comfortable.

Cheers, Dirk

Set from my mobile. Excuse my brevity&typos

[drwetter]

@teward : if you mean https://github.com/drwetter/testssl.sh/blob/master/bin/fedora-dirk-ipv6.diff : I just just checked. That's the one I used to compile my recent set of binaries and that did a good job (12,04 LTS + FreeBSD 9)

[drwetter]

Closing, see above