New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No IPv6 support in JSS SSLSocket and SSLServerSocket #2695
Comments
Comment from edewata (@edewata) at 2017-01-13 21:18:09 See also ticket 2570. The IPA issue with IPv6 could be addressed by changing the AJP hostname to "localhost" instead of "127.0.0.1" or "::1". |
Comment from cheimes (@tiran) at 2017-01-19 12:43:37 It took me a bit to realize that Fedora and RHEL packages of JSS come with additional patches. One of the patches provides IPv6 support, https://src.fedoraproject.org/cgit/rpms/jss.git/tree/jss-ipv6.patch?h=f25 |
Comment from mharmsen (@mharmsen) at 2017-01-26 19:47:02 As this will be addressed by upstream integration of JSS which is due in the 10.4 timeframe, I will move this ticket to 10.4 - critical |
Comment from cheimes (@tiran) at 2017-02-27 14:11:56 Metadata Update from @tiran:
|
Comment from cheimes (@tiran) at 2017-04-10 02:22:52 Upstream from Mozilla and downstream packages in Fedora have diverged. Fedora's downstream package source like http://pki.fedoraproject.org/pki/sources/jss/4.4.1/jss-4.4.1.tar.gz contain a patched version with proper AF_INET6 support. I'm closing this ticket. |
Comment from cheimes (@tiran) at 2017-04-10 02:22:55 Metadata Update from @tiran:
|
Comment from cheimes (@tiran) at 2017-04-10 02:23:16 Metadata Update from @tiran:
|
Comment from mharmsen (@mharmsen) at 2017-04-13 12:37:39 Metadata Update from @mharmsen:
|
This issue was migrated from Pagure Issue #2575. Originally filed by cheimes (@tiran) on 2017-01-13 17:15:50:
LdapJssSSLSocketFactory
uses JSS'sSSLSocket
fromorg.mozilla.jss
. As of now SSLSocket is limited to AF_INET (IPv4) connections [1]. The experimental JSS branch contains IPv6 support [2]. Other places likeHttpConnFactory
are probably affected, too.TomcatJSS seems to be affected, too. SSLServerSocket.socketBind() is hard-coded to AF_INET as well. [3]
Also see freeipa/freeipa#395 and https://fedorahosted.org/freeipa/ticket/6575
[1] https://hg.mozilla.org/projects/jss/file/1a96a08e6f3d/org/mozilla/jss/ssl/SSLSocket.c#l443
[2] https://hg.mozilla.org/projects/jss/file/c76470016016/org/mozilla/jss/ssl/SSLSocket.c#l593
[3] https://hg.mozilla.org/projects/jss/file/1a96a08e6f3d/org/mozilla/jss/ssl/common.c#l374
The text was updated successfully, but these errors were encountered: