HI,
it started working after modification in OCSP_parse_url
change is highlighted below and basically keeping [] brackets for ipv6 :
OCSP_parse_url
p = host;
if (host[0] == '[') {
/* ipv6 literal */
// host++;
p = strchr(host, ']');
if (!p)
goto parse_err;
// *p = '\0';
p++;
}
if (host[0] == '[') {
/* ipv6 literal */
// host++;
p = strchr(host, ']');
if (!p)
goto parse_err;
// *p = '\0';
p++;
}
Is this the correct way to do so?
Thanks for your help Michael.
Thanks
Perumal
On Tue, Nov 3, 2020 at 8:40 PM Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx> wrote:
> From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of perumal v
> Sent: Monday, 2 November, 2020 07:57
> I tried openssl ocsp for ipv6 and got the error message for the OCSP.
> openssl ocsp -url http://[2001:DB8:64:FF9B:0:0:A0A:285E]:8090/ocsp-100/ -issuer ...
> Error creating connect BIO
> 140416130504448:error:20088081:BIO routines:BIO_parse_hostserv:ambiguous host or
> service:crypto/bio/b_addr.c:547:
A quick look at the code suggests this is a bug in OpenSSL. OCSP_parse_url removes the square brackets from a literal IPv6 address in the URL, but BIO_parse_hostserv requires they be present. But I didn't look closely, so I'm not entirely sure that's the issue.
> IPv6 address without the "[]" bracket.
The square brackets are required by the URL specification. There's no point testing without them.
--
Michael Wojcik
