
This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 76660
Status: rejected
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: remi.pauchet [...] netasq.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.66
Fixed in: (no value)



Subject: SSL server can't bind both ipv4 and ipv6
Hi,

I'm upgrading to IPv6 an existing SSL server script which has already used IO::Socket::SSL for years.

I installed IO::Socket::INET6 and if I use Domain => AF_UNSPEC, the server only binds the IPv6 address. I was expecting IO::Socket::SSL to bind both IPv4 and IPv6 addresses.

My code:

    $server = IO::Socket::SSL->new(
        Listen        => SOMAXCONN,
        LocalPort     => $self->{PORT},
        Proto         => 'tcp',
        Reuse         => 1,
        SSL_cert_file => $self->{SSL_SERVER_CERT_FILE},
        SSL_key_file  => $self->{SSL_SERVER_KEY_FILE},
        Domain        => AF_UNSPEC
    ) or die ...

With Domain => AF_INET the script binds the IPv4 address as expected.
With Domain => AF_INET6 the script binds the IPv6 address as expected.

The same server script without the SSL layer (using only IO::Socket::INET6) can bind both IPv6 and IPv4 addresses.

I tested IO::Socket::SSL 1.66, perl 5.12 with FreeBSD 7.3 and Ubuntu 11.10 with the same result.

Thanks for your support!
Subject: Re: [rt.cpan.org #76660] SSL server can't bind both ipv4 and ipv6
Date: Thu, 19 Apr 2012 00:27:14 +0200
To: Rémi Pauchet via RT <bug-IO-Socket-SSL [...] rt.cpan.org>
From: Steffen Ullrich <Steffen_Ullrich [...] genua.de>
> I'm upgrading to IPV6 an existing ssl server script which already uses IO::Socket::SSL for
> years.
>
> I installed IO::Socket::INET6 and if I use Domain => AF_UNSPEC, the server only binds the
> ipv6 address. I was expecting IO::Socket::SSL should bind both ipv4 and ipv6 addresses.
> ...
> The same server script without the ssl layer (using only IO::Socket::INET6) can bind both ipv6
> and ipv4 addresses.
I've tried on Ubuntu 11.10 too. I've used IO::Socket::INET6 2.65 and IO::Socket::SSL 1.66 with the following program:

    use strict;
    use warnings;
    use IO::Socket::SSL;
    use Socket;

    for my $class ( qw(IO::Socket::SSL IO::Socket::INET6)) {
        for my $domain (AF_UNSPEC,AF_INET6,AF_INET) {
            print "dom=$domain class=$class ---- \n";
            my $srv = $class->new(
                Listen => 10,
                SSL_server => 1,
                LocalPort => 1234,
                Reuse => 1,
                Domain => $domain,
            ) or die;
            system('netstat -nl -A inet | grep 1234');
            system('netstat -nl -A inet6 | grep 1234');
        }
    }

I get:

    dom=0 class=IO::Socket::SSL ----
    tcp6       0      0 :::1234                 :::*                    LISTEN
    dom=10 class=IO::Socket::SSL ----
    tcp6       0      0 :::1234                 :::*                    LISTEN
    dom=2 class=IO::Socket::SSL ----
    tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN
    dom=0 class=IO::Socket::INET6 ----
    tcp6       0      0 :::1234                 :::*                    LISTEN
    dom=10 class=IO::Socket::INET6 ----
    tcp6       0      0 :::1234                 :::*                    LISTEN
    dom=2 class=IO::Socket::INET6 ----
    tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN

so IO::Socket::SSL behaves the same as IO::Socket::INET6, e.g. opens IPv6 sockets for AF_INET6 and AF_UNSPEC and IPv4 sockets for AF_INET, which matches documentation of IO::Socket::INET6. Both the SSL and the plain INET6 socket provide access for IPv4 connects via v4-mapped-on-v6, at least on Linux.

IMHO there is no such thing as a single socket, which listens for IPv6 and IPv4. There is only an IPv6 socket getting IPv4 connection through the v4-mapped-on-v6 mechanism, which is not supported on all OS (OpenBSD has no support for security reasons). So you need to create two sockets, one for IPv4 and one for IPv6.

The use for AF_UNSPEC is only to let getaddrinfo decide if it should use AF_INET6 or AF_INET, if the host can do both it will pick AF_INET6.

Regards,
Steffen

--
GeNUA Gesellschaft für Netzwerk - und Unix-Administration mbH
Domagkstr. 7, D-85551 Kirchheim. http://www.genua.de
Tel: (089) 99 19 50-0, Fax: (089) 99 10 50 - 999
Geschäftsführer: Dr. Magnus Harlander, Dr. Michaela Harlander, Bernhard Schneck.
Amtsgericht München HRB 98238
From: remi.pauchet [...] netasq.com
Thanks for your time.

You've pointed out the right thing: this is linked to the sysctl net.inet6.ip6.v6only. On a BSD (or a Debian) this sysctl is set to 1 by default, so AF_INET6 only binds IPv6.

I'll bind two sockets and use a select for the accept.
works as designed :)
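
The resolution reached in this ticket (two listening sockets, one per address family, with a select in front of accept), as an added example that is not code from the ticket or from the IO-Socket-SSL distribution. It uses IO::Socket::IP for the listeners and sets V6Only explicitly, so the result does not depend on the system's v6only sysctl; the port and certificate file names are assumptions.

```perl
use strict;
use warnings;
use IO::Select;
use IO::Socket::IP;
use IO::Socket::SSL;
use Socket qw(AF_INET AF_INET6 SOMAXCONN);

# Assumed values, not from the ticket: port and certificate paths.
my $port = 1234;
my %tls  = (
    SSL_server    => 1,
    SSL_cert_file => 'server-cert.pem',
    SSL_key_file  => 'server-key.pem',
);

# One plain TCP listener per address family. V6Only => 1 keeps the IPv6
# socket from also claiming IPv4 (v4-mapped) traffic, so both binds on
# the same port succeed whatever the OS default for v6only is.
my @listeners;
for my $family (AF_INET, AF_INET6) {
    my $addr = $family == AF_INET6 ? '::' : '0.0.0.0';
    my $srv  = IO::Socket::IP->new(
        Family    => $family,
        LocalHost => $addr,
        LocalPort => $port,
        Listen    => SOMAXCONN,
        ReuseAddr => 1,
        ($family == AF_INET6 ? (V6Only => 1) : ()),
    ) or die "listen on [$addr]:$port failed: $@";
    push @listeners, $srv;
}

my $select = IO::Select->new(@listeners);
while (1) {
    # can_read blocks until at least one listener has a pending connection.
    for my $srv ($select->can_read) {
        my $client = $srv->accept or next;
        # Upgrade the accepted TCP socket to TLS. The handshake here is
        # blocking, so a slow peer stalls this simple loop.
        unless (IO::Socket::SSL->start_SSL($client, %tls)) {
            warn "TLS handshake failed: $SSL_ERROR\n";
            close $client;
            next;
        }
        print {$client} "connected to ", $client->sockhost, "\n";
        close $client;
    }
}
```

Running the netstat commands from the test program above against this server should show one tcp and one tcp6 listener on the port.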