PR: 2005

Submitted by: steve@openssl.org

Some systems have broken IPv6 headers and/or implementations. If
OPENSSL_USE_IPV6 is set to 0 IPv6 is not used, if it is set to 1 it is used
and if undefined an attempt is made to detect at compile time by checking
if AF_INET6 is set and excluding known problem platforms.

diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index e5c99c6954bceda3fead27c0a9946c8a4c3eb3d9..462dc2ff467f7bc2027ab6fbce3b4dc8b4c8d19b 100644 (file)
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -88,11 +88,6 @@ NETDB_DEFINE_CONTEXT
 static int wsa_init_done=0;
 #endif
 
-#if defined(OPENSSL_SYS_BEOS_BONE)             
-/* BONE's IP6 support is incomplete */
-#undef AF_INET6
-#endif
-
 #if 0
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;
@@ -654,7 +649,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
                if (strchr(h,':'))
                        {
                        if (h[1]=='\0') h=NULL;
-#ifdef AF_INET6
+#if OPENSSL_USE_IPV6
                        hint.ai_family = AF_INET6;
 #else
                        h=NULL;
@@ -720,7 +715,7 @@ again:
                        client = server;
                        if (h == NULL || strcmp(h,"*") == 0)
                                {
-#ifdef AF_INET6
+#if OPENSSL_USE_IPV6
                                if (client.sa_family == AF_INET6)
                                        {
                                        struct sockaddr_in6 *sin6 =

diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index cd9f497a25031991c7475c7b8c74388c3e3a44f4..b2b4a4a993d6d121e9c0d63bba2b14b827e26a1e 100644 (file)
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -429,12 +429,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                &sockopt_val, sizeof(sockopt_val))) < 0)
                                perror("setsockopt");
                        break;
+#if OPENSSL_USE_IPV6
                case AF_INET6:
                        sockopt_val = IPV6_PMTUDISC_DO;
                        if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
                                &sockopt_val, sizeof(sockopt_val))) < 0)
                                perror("setsockopt");
                        break;
+#endif
                default:
                        ret = -1;
                        break;
@@ -470,6 +472,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                ret = data->mtu;
                                }
                        break;
+#if OPENSSL_USE_IPV6
                case AF_INET6:
                        if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
                                &sockopt_len)) < 0 || sockopt_val < 0)
@@ -485,6 +488,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                ret = data->mtu;
                                }
                        break;
+#endif
                default:
                        ret = 0;
                        break;

diff --git a/e_os.h b/e_os.h
index 3fbfe8e0ba69c3badc359d1057542dc3a21f0587..0f4b7994f55efb5f964e225c24c7d349ddeb6ab2 100644 (file)
--- a/e_os.h
+++ b/e_os.h
@@ -624,6 +624,18 @@ static unsigned int _strlen31(const char *str)
 #    define INVALID_SOCKET     (-1)
 #    endif /* INVALID_SOCKET */
 #  endif
+
+/* Some IPv6 implementations are broken, disable them in known bad
+ * versions.
+ */
+#  if !defined(OPENSSL_USE_IPV6)
+#    if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB)
+#      define OPENSSL_USE_IPV6 1
+#    else
+#      define OPENSSL_USE_IPV6 0
+#    endif
+#  endif
+
 #endif
 
 #if defined(__ultrix)