From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 26 Aug 2009 15:15:15 +0000 (+0000)
Subject: PR: 2005
X-Git-Tag: OpenSSL-fips-2_0-rc1~1557
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=a6dab873d9b90165cbbe8845592fec963c154eb9

PR: 2005
Submitted by: steve@openssl.org

Some systems have broken IPv6 headers and/or implementations. If
OPENSSL_USE_IPV6 is set to 0 IPv6 is not used, if it is set to 1 it is used
and if undefined an attempt is made to detect at compile time by checking
if AF_INET6 is set and excluding known problem platforms.
---

diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index e5c99c6954..462dc2ff46 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -88,11 +88,6 @@ NETDB_DEFINE_CONTEXT
 static int wsa_init_done=0;
 #endif
 
-#if defined(OPENSSL_SYS_BEOS_BONE)		
-/* BONE's IP6 support is incomplete */
-#undef AF_INET6
-#endif
-
 #if 0
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;
@@ -654,7 +649,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		if (strchr(h,':'))
 			{
 			if (h[1]=='\0') h=NULL;
-#ifdef AF_INET6
+#if OPENSSL_USE_IPV6
 			hint.ai_family = AF_INET6;
 #else
 			h=NULL;
@@ -720,7 +715,7 @@ again:
 			client = server;
 			if (h == NULL || strcmp(h,"*") == 0)
 				{
-#ifdef AF_INET6
+#if OPENSSL_USE_IPV6
 				if (client.sa_family == AF_INET6)
 					{
 					struct sockaddr_in6 *sin6 =
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index cd9f497a25..b2b4a4a993 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -429,12 +429,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 				&sockopt_val, sizeof(sockopt_val))) < 0)
 				perror("setsockopt");
 			break;
+#if OPENSSL_USE_IPV6
 		case AF_INET6:
 			sockopt_val = IPV6_PMTUDISC_DO;
 			if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
 				&sockopt_val, sizeof(sockopt_val))) < 0)
 				perror("setsockopt");
 			break;
+#endif
 		default:
 			ret = -1;
 			break;
@@ -470,6 +472,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 				ret = data->mtu;
 				}
 			break;
+#if OPENSSL_USE_IPV6
 		case AF_INET6:
 			if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
 				&sockopt_len)) < 0 || sockopt_val < 0)
@@ -485,6 +488,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 				ret = data->mtu;
 				}
 			break;
+#endif
 		default:
 			ret = 0;
 			break;
diff --git a/e_os.h b/e_os.h
index 3fbfe8e0ba..0f4b7994f5 100644
--- a/e_os.h
+++ b/e_os.h
@@ -624,6 +624,18 @@ static unsigned int _strlen31(const char *str)
 #    define INVALID_SOCKET	(-1)
 #    endif /* INVALID_SOCKET */
 #  endif
+
+/* Some IPv6 implementations are broken, disable them in known bad
+ * versions.
+ */
+#  if !defined(OPENSSL_USE_IPV6)
+#    if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB)
+#      define OPENSSL_USE_IPV6 1
+#    else
+#      define OPENSSL_USE_IPV6 0
+#    endif
+#  endif
+
 #endif
 
 #if defined(__ultrix)