[Pkg-openssl-devel] Bug#589520: ipv6 support in s_client

Witold Baryluk baryluk at smp.if.uj.edu.pl
Sun Jan 23 03:05:29 UTC 2011


Hi,
I was going to ask for this, but I see somebody already was thinking about this problem.

I reviewed the patch; it is quite trivial (and actually solves other possible problems),
but I have a few suggestions.

Numerical IPv6 in -host should IMHO be given in square brackets.

openssl s_client -connect '[2a00:1450:8003::6a]:443'

This both makes it less ambiguous (one could, for example, by accident
write
openssl s_client -connect 2a00:1450:8003::52:62

thinking that port 443 is a default). This will make s_client fail to connect
(for 3 reasons: bad IPv6 address, bad port, and eventually bad certificate).

In the -host option, IMHO it should be possible to write using both syntaxes:
openssl s_client -host 2a00:1450:8003::6a -port 443
openssl s_client -host "[2a00:1450:8003::6a]" -port 443

But the first (without square brackets) would suffice,
and will be more consistent with other tools.



I also think the man page should be changed from

+
+Use only IPv4 addresses when resolving the host name.
+
+=item B<-6>
+
+Use only IPv6 addresses when resolving the host name.
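
Review bot: both descriptions limit the option to "when resolving the host name", which leaves undocumented what happens when the host is given as a numeric address of the other family (for example -4 together with an IPv6 literal). The text should state whether that case is an error or the option is ignored.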


to

+
+Forces ssh to use IPv4 addresses only.
+
+=item B<-6>
+
+Forces ssh to use IPv6 addresses only.
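
Review bot: both replacement lines read "Forces ssh to use ...", but this text is for the s_client manual page, so the program name needs changing when the wording is taken from the ssh manual, e.g. "Forces s_client to use IPv4 addresses only."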


(actually copied from ssh manual page).

This is because RESOLVING can still involve IPv6 (depends on your resolv.conf,
and your upstream DNS servers). The -4/-6 option changes which of the DNS records to use for CONNECTING.


Thanks.

-- 
Witold Baryluk
JID: witold.baryluk // jabster.pl
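
The bracket convention discussed in the message above, as an added example that is not part of the original message and is not code from OpenSSL or from the patch under review: a strict host:port splitter that accepts "[v6-literal]:port" and refuses an unbracketed argument with several colons instead of guessing where the port starts. The function name split_hostport and its return codes are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper (not an OpenSSL function). Returns 0 on success,
 * -1 on malformed input, -2 for an unbracketed argument with several ':'. */
int split_hostport(const char *arg, char *host, size_t hlen,
                   char *port, size_t plen)
{
    const char *h = arg, *hend, *p;
    struct in6_addr a6;
    char *end;
    long n;
    if (arg[0] == '[') {              /* "[v6-literal]:port" */
        h = arg + 1;
        hend = strchr(h, ']');
        if (hend == NULL || hend[1] != ':')
            return -1;
        p = hend + 2;
    } else {                          /* "name-or-v4:port" */
        hend = strchr(arg, ':');
        if (hend == NULL)
            return -1;                /* no port: do not guess a default */
        if (strchr(hend + 1, ':') != NULL)
            return -2;                /* bare IPv6: port boundary is ambiguous */
        p = hend + 1;
    }
    if (hend == h || (size_t)(hend - h) >= hlen || strlen(p) >= plen)
        return -1;
    memcpy(host, h, (size_t)(hend - h));
    host[hend - h] = '\0';
    if (arg[0] == '[' && inet_pton(AF_INET6, host, &a6) != 1)
        return -1;                    /* brackets must hold a valid IPv6 literal */
    if (*p < '0' || *p > '9')
        return -1;
    n = strtol(p, &end, 10);          /* port: decimal, 1..65535 */
    if (*end != '\0' || n < 1 || n > 65535)
        return -1;
    strcpy(port, p);
    return 0;
}

int main(void)
{
    char host[256], port[6];
    int rc = split_hostport("2a00:1450:8003::52:62", host, sizeof host, port, sizeof port);
    printf("unbracketed literal from the message: rc=%d\n", rc);
    return 0;
}
```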