tlsdate-helper: openssl: support connecting on IPv6-only networks. #132
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openssl's BIO_s_connect methods support IPv4 only. Use BIO_s_fd instead to connect using a file descriptor, and supply our own pre-connected socket file descriptor. This allows us to support both IPv4 and IPv6 servers.
For example, if a given host has both IPv4 and IPv6 addresses, and your client device thinks it has a valid IPv6 route but that route doesn't work, tlsdate-helper could delay for a very long time as it failed on the IPv6 addresses one by one. This way it will try the IPv4 addresses at the same time, and just use the first socket that connects successfully, so there is no delay.
|
This looks like you've replaced the carefully proxy safe code with direct calls to socket() and connect(). I'd accept this patch if it ensured proxy support didn't break - which as far as I can tell - accepting/merging will break it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
openssl's BIO_s_connect methods support IPv4 only. Use BIO_s_fd instead
to connect using a file descriptor, and supply our own pre-connected socket
file descriptor. This allows us to support for IPv4 and IPv6 servers.