http_server.c: allow clients to connect with IPv6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21033)
Dr. David von Oheimb 2023-05-23 21:54:26 +02:00 committed by Dr. David von Oheimb
parent 3d254b3134
commit 830b6a13f9
4 changed files with 24 additions and 14 deletions


@ -198,7 +198,9 @@ BIO *http_server_init(const char *prog, const char *port, int verb)
BIO *acbio = NULL, *bufbio;
int asock;
int port_num;
char name[40];
snprintf(name, sizeof(name), "[::]:%s", port); /* port may be "0" */
if (verb >= 0 && !log_set_verbosity(prog, verb))
return NULL;
bufbio = BIO_new(BIO_f_buffer());
@ -207,7 +209,7 @@ BIO *http_server_init(const char *prog, const char *port, int verb)
acbio = BIO_new(BIO_s_accept());
if (acbio == NULL
|| BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
|| BIO_set_accept_port(acbio, port /* may be "0" */) < 0) {
|| BIO_set_accept_name(acbio, name) < 0) {
log_HTTP(prog, LOG_ERR, "error setting up accept BIO");
goto err;
}
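Review bot: The accept name is now hard-coded to the IPv6 wildcard `[::]` with no fallback, so on a host where IPv6 is unavailable the listener presumably cannot be set up at all, and where the socket is not dual-stack IPv4 clients would no longer reach the server; consider selecting the address family explicitly or retrying with the IPv4 wildcard. `[::]` is the unspecified address, so the listener stays reachable on every interface, now over IPv6 as well, which matters for packet filters written only for IPv4. The new condition also keeps the `< 0` comparison although the accept-BIO setters are documented to return 1 on success and <= 0 on failure; `|| BIO_set_accept_name(acbio, name) <= 0) {` would catch a 0 return. The `snprintf` result in the first hunk is not checked, so a `port` string longer than 34 characters is silently truncated into a different accept name. The body of http_server_init continues outside both hunks.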


@ -473,8 +473,10 @@ Reason numbers defined in RFC 5280 are:
=item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The DNS hostname or IP address and optionally port
The I<host> domain name or IP address and optionally I<port>
of the CMP server to connect to using HTTP(S).
IP address may be for v4 or v6, such as C<127.0.0.1> or C<[::]> for localhost.
This option excludes I<-port> and I<-use_mock_srv>.
It is ignored if I<-rspin> is given with enough filename arguments.
@ -1039,8 +1041,9 @@ This excludes the B<-server> and B<-port> options.
=item B<-port> I<number>
Act as HTTP-based CMP server mock-up listening on the given port.
This excludes the B<-server> and B<-use_mock_srv> options.
Act as HTTP-based CMP server mock-up listening on the given local port.
The client may address the server via, e.g., C<127.0.0.1> or C<[::]>.
This option excludes the B<-server> and B<-use_mock_srv> options.
The B<-rspin>, B<-rspout>, B<-reqin>, and B<-reqout> options
so far are not supported in this mode.


@ -30,7 +30,7 @@ B<openssl> B<ocsp>
[B<-respin> I<file>]
[B<-url> I<URL>]
[B<-host> I<host>:I<port>]
[B<-path>]
[B<-path> I<pathname>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>]
[B<-no_proxy> I<addresses>]
[B<-header>]
@ -167,16 +167,21 @@ with B<-serial>, B<-cert> and B<-host> options).
=item B<-url> I<responder_url>
Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
Specify the responder host and optionally port and path via a URL.
Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
The optional userinfo and fragment components are ignored.
Any given query component is handled as part of the path component.
For details, see the B<-host> and B<-path> options described next.
=item B<-host> I<hostname>:I<port>, B<-path> I<pathname>
=item B<-host> I<host>:I<port>, B<-path> I<pathname>
If the B<-host> option is present then the OCSP request is sent to the host
I<hostname> on port I<port>. The B<-path> option specifies the HTTP pathname
to use or "/" by default. This is equivalent to specifying B<-url> with scheme
http:// and the given hostname, port, and pathname.
I<host> on port I<port>.
The I<host> may be a domain name or an IP (v4 or v6) address,
such as C<127.0.0.1> or C<[::]> for localhost.
The B<-path> option specifies the HTTP pathname to use or "/" by default.
This is equivalent to specifying B<-url> with scheme
http:// and the given I<host>, I<port>, and optional I<pathname>.
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>
@ -377,8 +382,8 @@ subject name.
=item B<-port> I<portnum>
Port to listen for OCSP requests on. The port may also be specified
using the B<url> option.
Port to listen for OCSP requests on. Both IPv4 and IPv6 are possible.
The port may also be specified using the B<-url> option.
A C<0> argument indicates that any available port shall be chosen automatically.
=item B<-ignore_err>


@ -2,8 +2,8 @@ expected,description, -section,val, -server,val, -proxy,val, -no_proxy,val, -tls
,Message transfer options:,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,
1,default config, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
TBD,Domain name, -section,, -server,_SERVER_CN:_SERVER_PORT,,,,,,,,,,,,,,
TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,,,,,,,,,,,,
1,server domain name, -section,, -server,localhost:_SERVER_PORT,,,,,,,,,,,,,,
1,server IPv6 address, -section,, -server,[::]:_SERVER_PORT,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,
0,wrong server, -section,, -server,xn--rksmrgs-5wao1o.example.com:_SERVER_PORT,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,
0,wrong server port, -section,, -server,_SERVER_HOST:99,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,

1 expected description -section val -server val -proxy val -no_proxy val -tls_used noarg -path val -msg_timeout int -total_timeout int -keep_alive val
2 Message transfer options:
3
4 1 default config -section BLANK BLANK BLANK BLANK
5 TBD 1 Domain name server domain name -section -server _SERVER_CN:_SERVER_PORT localhost:_SERVER_PORT
6 TBD 1 IP address server IPv6 address -section -server _SERVER_IP:_SERVER_PORT [::]:_SERVER_PORT
7
8 0 wrong server -section -server xn--rksmrgs-5wao1o.example.com:_SERVER_PORT BLANK -msg_timeout 1 BLANK BLANK
9 0 wrong server port -section -server _SERVER_HOST:99 BLANK -msg_timeout 1 BLANK BLANK
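Review bot: The newly enabled IPv6 row targets `[::]`, which is the unspecified address rather than loopback; connecting to it happens to work on some network stacks, but it is not a valid destination address in general, so `[::1]` is the portable choice: `1,server IPv6 address, -section,, -server,[::1]:_SERVER_PORT,,,,,,,,,,,,,,`. With `expected` set to 1 the row will presumably also fail on test hosts that have no IPv6 loopback configured, so it may need to be conditional on IPv6 availability.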