Bug#1070033: libgnutls30: rejects numeric IPv6 addresses during connection
Elliott Mitchell
ehem+debian at m5p.com
Fri May 17 03:06:39 BST 2024
On Tue, May 14, 2024 at 06:22:09PM +0200, Andreas Metzler wrote:
> On 2024-05-14 Elliott Mitchell <ehem+debian at m5p.com> wrote:
> > On Wed, May 01, 2024 at 01:45:00PM +0200, Andreas Metzler wrote:
> [...]
> >> well you could post the complete output of
> >> gnutls-cli --port 636 fd12:3456:7890:abcd::3
> >> perhaps even with -d10? I would reassign to openldap then if there are
> >> no obvious clues.
>
> > `gnutls-cli` doesn't yield anything obvious.
> [...]
> Could you please post the requested output, although there are no
> obvious clues there to your eyes?

Problem is that provides rather a lot of data about this network setup.
The quantity of information is enough for me to be rather uncomfortable
with providing it via public channel.

I did get the connection to proceed further than before though. If I add
the IPv6 address of the LDAP server to /etc/hosts, and then use the
hostname instead of IPv6 address for the uri line of /etc/nslcd.conf
things get further (I believe over IPv6, but I haven't satisfactorily
verified this).

This suggests #1070033 is either in libgnutls30 or slapd. The issue
could be slapd is passing an IPv6 address to a portion of libgnutls30's
API which requires a hostname. The issue could be libgnutls30 rejects
IPv6 addresses in some place(s) where they should be valid by the API.

I notice the `_gnutls_dnsname_is_valid()` function in
gnutls28-3.8.5/lib/str.h accepts IPv4 addresses (which are NOT valid in
DNS), but rejects IPv6 addresses.
--
(\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/)
\BS ( | ehem+sigmsg at m5p.com PGP 87145445 | ) /
\_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
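
The asymmetry described in the message above, as an added example that is not part of the original message and is not GnuTLS code: a character-class hostname test lets a dotted quad through but rejects every IPv6 literal, so a caller should classify the peer string as an IP literal or a DNS name before deciding how to match it against the certificate. The character rule (letters, digits, '-' and '.') and the names `charset_looks_like_dnsname` and `classify_peer` are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum peer_kind { PEER_INVALID, PEER_DNS, PEER_IPV4, PEER_IPV6 };

/* Assumed rule: ASCII letters, digits, '-' and '.' only. A dotted quad
 * passes this test; any IPv6 literal fails it because of ':'. */
static int charset_looks_like_dnsname(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s; s++)
        if (!(isalnum((unsigned char)*s) || *s == '-' || *s == '.'))
            return 0;
    return 1;
}

/* Classify a configured peer string first: IP literals belong to an
 * iPAddress SAN comparison, everything else to dNSName matching. */
static enum peer_kind classify_peer(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    char host[INET6_ADDRSTRLEN];
    size_t n = strlen(s);
    /* Accept the URI form "[addr]" as well as the bare literal. */
    if (n >= 2 && s[0] == '[' && s[n - 1] == ']') {
        if (n - 2 >= sizeof(host))
            return PEER_INVALID;
        memcpy(host, s + 1, n - 2);
        host[n - 2] = '\0';
        return inet_pton(AF_INET6, host, buf) == 1 ? PEER_IPV6 : PEER_INVALID;
    }
    if (inet_pton(AF_INET, s, buf) == 1)
        return PEER_IPV4;
    if (inet_pton(AF_INET6, s, buf) == 1)
        return PEER_IPV6;
    return charset_looks_like_dnsname(s) ? PEER_DNS : PEER_INVALID;
}

int main(void)
{
    /* Constructed samples; the IPv6 literal is the one quoted in the thread. */
    const char *samples[] = { "fd12:3456:7890:abcd::3", "192.0.2.10", "ldap.example.org" };
    for (size_t i = 0; i < 3; i++)
        printf("%-24s charset_ok=%d kind=%d\n", samples[i],
               charset_looks_like_dnsname(samples[i]), classify_peer(samples[i]));
    return 0;
}
```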