Bug 277343

Summary:	net/socat: IPv6 for OPENSSL-CONNECT no longer works with 1.8.0.0_1
Product:	Ports & Packages	Reporter:	Kolbjørn Barmen <freebsd>
Component:	Individual Port(s)	Assignee:	Emanuel Haupt <ehaupt>
Status:	Closed DUPLICATE
Severity:	Affects Some People	CC:	freebsd
Priority:	---	Flags:	bugzilla: maintainer-feedback? (ehaupt)
Version:	Latest
Hardware:	Any
OS:	Any

Description Kolbjørn Barmen 2024-02-27 02:45:59 UTC

Note:
* only socat seems to be affected, openssl s_client works as expected.
* my own example domain uphoria.no has _only_ AAAA-record, no A-record.
* this used to work with versions prior to 1.8.0.0_1

Example:
 :> printf "gemini://uphoria.no\r\n" | socat - "openssl-connect:uphoria.no:1965" | cat | head -n 1                                    ~ (96400) [UTF-8] [3:27:31]
2024/02/27 03:42:07 socat[3423] W OpenSSL: Warning: this implementation does not check CRLs
2024/02/27 03:42:07 socat[3423] E getaddrinfo("uphoria.no", "1965", {0x00,2,1,6}, {}): Address family for hostname not supported


Expected behavour:

 :> printf "gemini://uphoria.no\r\n" | socat - "openssl-connect:uphoria.no:1965" | cat | head -n 1
2024/02/27 03:43:24 socat[7534] W OpenSSL: Warning: this implementation does not check CRLs
20 text/gemini



:> pkg info socat
socat-1.8.0.0_1
Name           : socat
Version        : 1.8.0.0_1
Installed on   : Wed Jan 17 13:26:16 2024 CET
Origin         : net/socat
Architecture   : FreeBSD:14:amd64
Prefix         : /usr/local
Categories     : net
Licenses       : GPLv2
Maintainer     : ehaupt@FreeBSD.org
WWW            : http://www.dest-unreach.org/socat/
Comment        : Multipurpose relay and more
Options        :
	DOCS           : on
	IPV6DEFAULT    : off
	READLINE       : off
Annotations    :
	FreeBSD_version: 1400097
	build_timestamp: 2024-01-06T01:19:32+0000
	built_by       : poudriere-git-3.4.0
	cpe            : cpe:2.3:a:dest-unreach:socat:1.8.0.0:::::freebsd14:x64:1
	port_checkout_unclean: no
	port_git_hash  : 756e18783
	ports_top_checkout_unclean: no
	ports_top_git_hash: 756e18783
	repo_type      : binary
	repository     : FreeBSD
Flat size      : 597KiB
Description    :
socat is a relay for bidirectional data transfer between two independent
data channels. Each of these data channels may be a file, pipe, device
(terminal or modem etc.), socket (UNIX, IP4, IP6 - raw, UDP, TCP), a file
descriptor (stdin etc.), a program, or an arbitrary combination of two of
these.

socat can be used, e.g., as TCP relay (one-shot or daemon), as an external
socksifier, for attacking weak firewalls, as a shell interface to UNIX
sockets, IP6 relay, for redirecting TCP oriented programs like brutus to a
serial line, or to establish a relatively secure environment (su and chroot)
for running client or server shell scripts with network connections.

Comment 1 Emanuel Haupt freebsd_committer

2024-02-27 08:44:01 UTC

This looks related:
https://cgit.freebsd.org/ports/commit/net/socat/Makefile?id=4c6bb66915d405ad49d3d843c6fdd2857e9371c8
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275653

Can you try adding the -6 argument?

Comment 2 Emanuel Haupt freebsd_committer

2024-02-27 08:45:30 UTC


*** This bug has been marked as a duplicate of bug 275653 ***

Comment 3 Kolbjørn Barmen 2024-02-27 10:30:44 UTC

(In reply to Emanuel Haupt from comment #1)

I can confirm that using -6 works, and more I can confirm that setting SOCAT_DEFAULT_LISTEN_IP=0 (or 6) also works (which doesn't appear so intuitive, I'm not using socat to listen, but to connect).

What I find "astonihing" is that default behaviour now to never even try IPv6, even when target host resolves _only_ AAAA-record.

Comment 4 Emanuel Haupt freebsd_committer

2024-02-27 13:05:15 UTC

I recommend addressing the concern by reaching out directly to the upstream project. You can do so by contacting them at socat@dest-unreach.org or visiting their website at http://www.dest-unreach.org/socat/ for more information.