Closed digint closed 5 months ago
I think, regarding the comments from @noxxi, we need to keep the same logic. Maybe we can try to detect whether it has any double colons (`::`) in the address, or look for the square brackets? Because you see, if we use the `host()` call, we will have `fd00:0:1:1f::4`, which after concatenation with `port()` gives us `fd00:0:1:1f::4:8443`, which is invalid. Using the `host_port` call returns `[fd00:0:1:1f::4]:8443`, which is right. Please let me know how I can help to fix your issue in a way that keeps the IPv6 functionality working. Thanks.
IMHO only `host()` should be used to check if it is an IP address, not `host_port()`. Checking for `::` as an indicator for IPv6 would be wrong, since `::` is only part of abbreviated IPv6 but not in every IPv6 address. A single `:` instead is in every IPv6 address, never inside an IPv4 address and never inside a hostname. What was wrong with my original proposal in https://github.com/libwww-perl/libwww-perl/issues/449#issuecomment-1896175509?
Ok, I see, let's make it `host()` call then, sorry for the confusion.
If you add this, we can hopefully get a complete test run.
diff --git a/Changes b/Changes
index 45cb4cf..d5af736 100644
--- a/Changes
+++ b/Changes
@@ -1,6 +1,7 @@
Release history for LWP-Protocol-https
{{$NEXT}}
+ - Fix ssl upgrade for regular host names (GH#77) (Axel Burri)
6.12 2024-01-22 17:51:31Z
- Enable MultiHomed for IO::Socket::SSL (GH#61) (ℕicolas ℝ.)
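Review bot: The added Changes line ("Fix ssl upgrade for regular host names") does not tell a user what they would have seen; the description of this change says SSL_hostname was always undef and that this surfaced as "certificate verify failed", introduced in v6.12. Consider naming that in the entry, for example "Fix SSL_hostname not being passed for regular host names (regression in 6.12)", and write "SSL" in capitals to match the IO::Socket::SSL entry below it.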
Due to a buggy string match, SSL_hostname is always undef: matching ":" in host_port, which always has a colon between the host and the port. This leads to "certificate verify failed" openssl error (observed along with a proxy negotiating TLSv1.3).
I suspect this is openssl trying to compare the hostname (which we do not pass) in the server certificate CN / SAN.
Fixes regression introduced in v6.12:
6e9101ba Making it possible to use IPv6 in https call...
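
The three checks discussed in this thread, side by side, as an added example (not code from the pull request or from LWP::Protocol::https). It uses the `URI` module's `host` and `host_port` calls; the function names, the sample URLs other than the `fd00` address, and the IPv4 pattern are assumptions of this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use URI;

# Constructed sample targets; only the fd00 address appears in the thread.
my @urls = (
    'https://www.example.com:8443/',          # regular host name
    'https://192.0.2.10:8443/',               # IPv4 literal
    'https://[fd00:0:1:1f::4]:8443/',         # abbreviated IPv6 literal
    'https://[2001:db8:1:2:3:4:5:6]:8443/',   # IPv6 literal without "::"
);

# Regression described above: host_port() always contains the ":" that
# separates host and port, so every target looks like an IP address.
sub is_ip_via_host_port { return $_[0]->host_port =~ /:/ ? 1 : 0 }

# "::" only occurs in abbreviated IPv6, so full-form addresses are missed.
sub is_ip_via_double_colon { return $_[0]->host =~ /::/ ? 1 : 0 }

# host() carries neither port nor brackets, so a single ":" means IPv6.
# The dotted-quad pattern for IPv4 is an assumption of this example.
sub is_ip_via_host {
    my $host = $_[0]->host;
    return 1 if $host =~ /:/;
    return 1 if $host =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    return 0;
}

# Name to send as SNI: the host name, or undef for an IP literal.
sub sni_name {
    my ($uri, $is_ip) = @_;
    return $is_ip->($uri) ? undef : $uri->host;
}

for my $url (@urls) {
    my $uri = URI->new($url);
    printf "%-24s host_port=%s\n", $uri->host, $uri->host_port;
    for my $check (
        [ 'host_port, ":"'       => \&is_ip_via_host_port ],
        [ 'host, "::"'           => \&is_ip_via_double_colon ],
        [ 'host, ":" or IPv4'    => \&is_ip_via_host ],
    ) {
        my $name = sni_name($uri, $check->[1]);
        printf "  %-20s SNI name: %s\n", $check->[0], $name // '(undef)';
    }
}
```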