Bug 277343 - net/socat: IPv6 for OPENSSL-CONNECT no longer works with 1.8.0.0_1
Summary: net/socat: IPv6 for OPENSSL-CONNECT no longer works with 1.8.0.0_1
Status: Closed DUPLICATE of bug 275653
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Emanuel Haupt
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-27 02:45 UTC by Kolbjørn Barmen
Modified: 2024-02-27 13:05 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ehaupt)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kolbjørn Barmen 2024-02-27 02:45:59 UTC 
Note:
* only socat seems to be affected, openssl s_client works as expected.
* my own example domain uphoria.no has _only_ AAAA-record, no A-record.
* this used to work with versions prior to 1.8.0.0_1

Example:
 :> printf "gemini://uphoria.no\r\n" | socat - "openssl-connect:uphoria.no:1965" | cat | head -n 1                                    ~ (96400) [UTF-8] [3:27:31]
2024/02/27 03:42:07 socat[3423] W OpenSSL: Warning: this implementation does not check CRLs
2024/02/27 03:42:07 socat[3423] E getaddrinfo("uphoria.no", "1965", {0x00,2,1,6}, {}): Address family for hostname not supported


Expected behavour:

 :> printf "gemini://uphoria.no\r\n" | socat - "openssl-connect:uphoria.no:1965" | cat | head -n 1
2024/02/27 03:43:24 socat[7534] W OpenSSL: Warning: this implementation does not check CRLs
20 text/gemini



:> pkg info socat
socat-1.8.0.0_1
Name           : socat
Version        : 1.8.0.0_1
Installed on   : Wed Jan 17 13:26:16 2024 CET
Origin         : net/socat
Architecture   : FreeBSD:14:amd64
Prefix         : /usr/local
Categories     : net
Licenses       : GPLv2
Maintainer     : ehaupt@FreeBSD.org
WWW            : http://www.dest-unreach.org/socat/
Comment        : Multipurpose relay and more
Options        :
	DOCS           : on
	IPV6DEFAULT    : off
	READLINE       : off
Annotations    :
	FreeBSD_version: 1400097
	build_timestamp: 2024-01-06T01:19:32+0000
	built_by       : poudriere-git-3.4.0
	cpe            : cpe:2.3:a:dest-unreach:socat:1.8.0.0:::::freebsd14:x64:1
	port_checkout_unclean: no
	port_git_hash  : 756e18783
	ports_top_checkout_unclean: no
	ports_top_git_hash: 756e18783
	repo_type      : binary
	repository     : FreeBSD
Flat size      : 597KiB
Description    :
socat is a relay for bidirectional data transfer between two independent
data channels. Each of these data channels may be a file, pipe, device
(terminal or modem etc.), socket (UNIX, IP4, IP6 - raw, UDP, TCP), a file
descriptor (stdin etc.), a program, or an arbitrary combination of two of
these.

socat can be used, e.g., as TCP relay (one-shot or daemon), as an external
socksifier, for attacking weak firewalls, as a shell interface to UNIX
sockets, IP6 relay, for redirecting TCP oriented programs like brutus to a
serial line, or to establish a relatively secure environment (su and chroot)
for running client or server shell scripts with network connections.
Comment 2 Emanuel Haupt freebsd_committer freebsd_triage 2024-02-27 08:45:30 UTC 

*** This bug has been marked as a duplicate of bug 275653 ***
Comment 3 Kolbjørn Barmen 2024-02-27 10:30:44 UTC 
(In reply to Emanuel Haupt from comment #1)

I can confirm that using -6 works, and more I can confirm that setting SOCAT_DEFAULT_LISTEN_IP=0 (or 6) also works (which doesn't appear so intuitive, I'm not using socat to listen, but to connect).

What I find "astonihing" is that default behaviour now to never even try IPv6, even when target host resolves _only_ AAAA-record.
Comment 4 Emanuel Haupt freebsd_committer freebsd_triage 2024-02-27 13:05:15 UTC 
I recommend addressing the concern by reaching out directly to the upstream project. You can do so by contacting them at socat@dest-unreach.org or visiting their website at http://www.dest-unreach.org/socat/ for more information.