[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7194) tlso_session_chkhost issue for OpenSSL TLS

Full_Name: Dimosthenis Pettas
Version: 2.4.23
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I use OpenLDAP version 2.4.23 client to connect via TLS to an LDAP
i initialize connection with an IPV6 address using url
ldap://[fd00:1111:1111:72:20c:29ff:fec5:4ade]:389 and then try to extend
connection to TLS with calling ldap_start_tls_s. when trying to match
client-server certificates hosts inside tlso_session_chkhost in tls_o.c we try
to determine client host type(IS_DNS,IS_IP4,IS_IP6) but for IPV6 it expects to
find "[" at first position and "]" at latst one to determine IPV6 address:

#ifdef LDAP_PF_INET6
	if (name[0] == '[' && strchr(name, ']')) {
		char *n2 = ldap_strdup(name+1);
		*strchr(n2, ']') = 0;
		if (inet_pton(AF_INET6, n2, &addr))
			ntype = IS_IP6;
	} else 

but it seems that [] have been removed inside ldap_url_parse_ext in Url.c:

	/* If [ip address]:port syntax, url is [ip and we skip the [ */
	ludp->lud_host = LDAP_STRDUP( url + is_v6 );

So name is not [fd00:1111:1111:72:20c:29ff:fec5:4ade] but
fd00:1111:1111:72:20c:29ff:fec5:4ade and code above fails to determine ntype =

i modified code to:

#ifdef LDAP_PF_INET6

  if (inet_pton(AF_INET6, name, &addr))
	  ntype = IS_IP6;

	} else 
	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
		if (inet_aton(name, (struct in_addr *)&addr)) 
		  ntype = IS_IP4;

letting functions inet_pton and inet_aton determing IP type.Scenario worked.
Let me know if i miss anything or this should be corrected.

Sorry for submitting again ,i wanted to correct email address