Re: OPENSSL_USE_IPV6 -- bio_dgram, vs travis-ci

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In message <11282.1517852098@xxxxxxxxxxxxxxxxxxx> on Mon, 05 Feb 2018 12:34:58 -0500, Michael Richardson <mcr@xxxxxxxxxxxx> said:

mcr> bio_dgram has a bunch of #if on: OPENSSL_USE_IPV6, and I thought that this
mcr> might be a common #ifdef, but actually it only occurs in that file.
mcr> 
mcr> I looked through Configurations, and I didn't see it at all.

I assume we're talking about OpenSSL 1.1.0 and newer.

It's defined to be 0 or 1 in include/internal/sockets.h, here are the
relevant lines:

    # if !defined(OPENSSL_USE_IPV6)
    #  if defined(AF_INET6)
    #   define OPENSSL_USE_IPV6 1
    #  else
    #   define OPENSSL_USE_IPV6 0
    #  endif
    # endif

You're right, though, that we're sloppy in using this...  and quite
frankly, I'd argue that OPENSSL_USE_IPV6 should be removed entirely,
as it's an artifact from longago, when IPv6 support wasn't the best.

mcr> Other usage is #ifdef AF_INET6, but IPv6 code is available, but I
mcr> want to build without it.

I'm not sure I understand why...  more below.

mcr> Fundamentally, I want to turn off IPv6 testing off on travis builds, because
mcr> travis has IPv6 turned off, see:
mcr>        https://github.com/travis-ci/travis-ci/issues/4964
mcr>        https://github.com/travis-ci/travis-ci/issues/3302
mcr> 
mcr> You can't even bind ::1 on travis.  I hate this jurassic stuff.

OK, so here's another possibility...  if you don't want to use IPv6,
then don't use it!  From an OpenSSL perspective, there are many
possibilities to get IPv4 only even if it's built to allow IPv6 as
well.  When creating a socket, regardless of if you use socket() or
BIO_socket(), you can use AF_UNSPEC, AF_INET or AF_INET6 at your
leasure.  When looking up an address with BIO_lookup_ex, you can
specify the address family the same way.  'openssl s_client' and
'openssl s_server' both take options -4 and -6 to say which address
family should be used.

Now, this ties back to your request on building.  Why should you
disable the building of IPv6 code, just because you don't want to use
it?

Cheers,
Richard

-- 
Richard Levitte         levitte@xxxxxxxxxxx
OpenSSL Project         http://www.openssl.org/~levitte/
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux