Fossil Forum

Forum
Login

TLS Server IP address detection broken

(1) By ashish on 2019-03-29 18:06:24

Hi,

Since [f517cb7f], TLS server IP address detection is broken again (which was unbroken through my provided patch in [8a4ad5cb]) on OpenSSL 1.1.x platform, as BIO_get_conn_address is defined as a C pre-processor macro:

Also I think BIO_ADDR_hostname_string and BIO_get_conn_address are only introduced in OpenSSL v1.1, so probably it's safe to check only for presence of BIO_ADDR_hostname_string function, in short, revert [f517cb7f].

Also, we can rely on HAVE_BIO_ADDR_HOSTNAME_STRING, instead of defining redundant HAVE_BIO_ADDR_HS

I'm testing on FreeBSD 12 (amd64).

Thanks!

(2) By andybradford on 2019-03-30 15:47:43 [link] in reply to 1

Done. That gave me a chance  to finally try out "fossil merge --backout"
so we can see the nifty dashed line rendering:

https://www.fossil-scm.org/index.html/timeline?c=2019-03-30+15:40:18

Also,  regarding  HAVE_BIO_ADDR_HS vs  HAVE_BIO_ADDR_HOSTNAME_STRING,  I
looked through the  Fossil sources and couldn't find  the latter defined
anywhere, so I'm not sure in  what way HAVE_BIO_ADDR_HS is redundant. Or
did  you mean  that we  could  rely on  BIO_get_conn_address instead  of
having Fossil detect BIO_ADDR_hostname_string?

For example:

#ifdef BIO_get_conn_address
...
#else
...
#endif

Thanks,

Andy

(3) By ashish on 2019-03-31 05:21:09 [link] in reply to 2

Thank you for reverting.

Also, regarding HAVE_BIO_ADDR_HS vs HAVE_BIO_ADDR_HOSTNAME_STRING, I looked through the Fossil sources and couldn't find the latter defined anywhere, so I'm not sure in what way HAVE_BIO_ADDR_HS is redundant.

It seems like it gets defined, courtesy: cc-check-function-in-lib, when the function in question is successfully found. Following is an excerpt from autoconfig.h on my host after configuring Fossil for building while at checkout f52d63e37:

    #define FOSSIL_ENABLE_TH1_DOCS 1
    #define FOSSIL_ENABLE_TH1_HOOKS 1
    #define FOSSIL_HAVE_FUSEFS 1
    #define HAVE_ARPA_NAMESER_H 1
    /* #undef HAVE_BACKTRACE */
    /* #undef HAVE_BIND_RESOLV_H */
    #define HAVE_BIO_ADDR_HOSTNAME_STRING 1
    #define HAVE_BIO_ADDR_HS 1
    #define HAVE_DLOPEN 1
    #define HAVE_DN_EXPAND 1

HTH

(4) By andybradford on 2019-04-02 05:33:52 [link] in reply to 3

Indeed cc-check-function-in-lib does so automatically---though I was not
aware of this  behavior---so I've cleaned it up further  and removed the
redundancy. I tested it on a  system that has OpenSSL 1.1.0 and verified
that nm reports the symbol for BIO_ADDR_hostname_string().

Thanks,

Andy