PeterMosmans / openssl

'Extra featured' OpenSSL with ChaCha20 and Poly1305 support
https://onwebsecurity.com/pages/openssl.html

IPv6 support seems easy #31

Open drwetter opened 8 years ago

drwetter commented 8 years ago

Hi Peter,

There were several tries to get s_client and s_server to fully(?) support IPv6.

http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.2a-ipv6-apps.patch applies smoothly to your fork and I could connect e.g. to ipv6.google.com.

Cheers, Dirk

PeterMosmans commented 8 years ago

Hi @drwetter, thanks for your request. The last time I tried a number of IPv6 patches for the openssl fork, and they all caused issues on the Windows platform. They weren't cross-platform compatible. I'll look into the patch(es) again to see if they work and report back to you.

Cheers, Peter

drwetter commented 8 years ago

Can't tell for Windows but FYI:

Just did successfully on FreeBSD 9.3 a testssl.sh run (patch not yet committed) against ipv6.google.com -- with an older version of your tree and the FC IPv6 patch.

PeterMosmans commented 8 years ago

Hi @drwetter, I rebased the Fedora patch and applied it to 1.0.2-chacha. Feel free to be adventurous with this build :smile: See 8858f0e58d7f0b9ed53f20b87b43392866cdcc87

Note that this is an experimental version, and it will NOT compile on all platforms. Therefore I won't merge this back into the 1.0.2-chacha branch yet.

drwetter commented 8 years ago

Thx Peter!

Any clues why it fails on your platform? No chance for one PM fork? ;-)

Anecdote: I patched the FC patch myself before. As the rejects / compile errors came through the change of --proxy I assumed after fixing those I could even use an IPv6 proxy -- but I was wrong.

1st RFC is almost 20 years ago, see https://tools.ietf.org/html/rfc1883.

PeterMosmans commented 8 years ago

Hi @drwetter, did you try 8858f0e58d7f0b9ed53f20b87b43392866cdcc87 yet? IPv6 support is a tad more difficult for MSYS2, but I found some useful pointers. Unfortunately this means IFDEFfing a number of statements... there is no clear IPv6 solution that compiles cleanly across all platforms.

Stay tuned!

Peter

drwetter commented 8 years ago

Hi @PeterMosmans,

To be honest: not yet. Any difference to the FC patch plus the fixes necessary because of the changes of the proxy option in SSL?

The whole history of IPv6 in OpenSSL is sad. LibreSSL seems more advanced -- no wonder, networking is valued higher by BSD folks. They do other things differently though.

BTW: Also an IPv6 proxy works there.

Have only looked into the Linux/BSD tar ball of LibreSSL yet. They have a different one for windows.

Will of course stay tuned whatever good happens in your fork ;-)

Cheers, Dirk