Nearly every time I use the OpenSSL command line tools I get angry. It’s 2012 and OpenSSL’s s_client still doesn’t work with IPv6. Every time, I go to the Debian bugtracker first. Every time, I see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589520 and apply that patch.

I’ve been doing that so often, that I had enough of it and went to the OpenSSL request tracker: http://rt.openssl.org/index.html?q=ipv6 (user/pass: guest/guest). Turns out they actually have several patches lying around for that. The oldest one is 5 years old!

I cannot understand how the OpenSSL developers fail to merge several working patches for an issue which is obviously important enough for several people to come up with various patches for 5 YEARS! :-(
 
I think forking is over the top. Time to merge this patch, rather :).
 
The OpenSSL project still uses CVS. That in itself is enough reason to fork, I'd say.
 
Why would anyone want to fork OpenSSL when GNU-TLS provides an alternative with a much nicer API?

As far as s_client is concerned, gnutls-cli does support IPv6.
 
As someone who has used the SSL functionality provided by GNU-TLS, I can say that its implementation is not really the best out there.
 
The OpenSSL project writes code that is far too complex, hard to use, and unstructured. Documentation on how to use it still does not exist. PolarSSL doesn't support ECDH. GNU-TLS is the best of several bad options.
 
I demand my money back. Maybe they don't have anyone to check out how secure IPv6 is.
 
+Jacob Sheridan This is about end user tools, not core functionality. TLS is transit layer agnostic.
 
You know how open source works, right? If you complain, you might as well request source access, do everyone a favor and integrate once and for all.
 
Have you tried asking? With open source, you lose the right to complain if you haven't first tried.
 
Most open source client SSL traffic on the web goes through the NSS library used by Mozilla Firefox and Google Chrome; not OpenSSL.
 
That's pretty misleading: OpenSSL is widely used on the server side, and traffic has to go through both. Also, this is about tools, not the core libraries.