Skip Menu |
 

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 41601
Status: rejected
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: dmuey [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.18
Fixed in: (no value)



Subject: IPv6 default behavior logic improvement
Download (untitled) / with headers
text/plain 1.1k
Hello, The POD's IPv6 section it says: "If you give a name as a host and the host resolves to both IPv6 and IPv4 it will try IPv6 first and if there is no IPv6 connectivity it will fail." Wouldn't it be better, if the host resolved to both IPv6 and IPv4 to: try IPv6, if that fails try IPv4, and if that fails *then* die ? I've found often that clients resolve to both IPv6/4 but really only use IPv4 for anything. And hence things ambiguously break with some obscure errors buried deep in a strace that vaguely points out the culprit: 15742 getpeername(7, {sa_family=AF_INET, sin_port=htons(50440), sin_addr=inet_addr("X.X.X>X")}, [16]) = 0 15742 write(2, "Bad arg length for Socket6::unpack_sockaddr_in6, length is 16, should be 28 at /usr/lib/perl5/site_perl/5.8.8/i686-linux/Socket6.pm line 282.\n", 142) = 142 I understand import('inet4') will fix it but I think it'd more desirous that "working by default and blowing up in this circumstance only if they specifically import('ipv6_only')" would be better than the "breaking the majority of the internet by defaulting to brokenness and require special handling for the more common everyday uses to work" make more sense.
Download (untitled) / with headers
text/plain 826b
I think you can pass through the MultiHomed parameter from IO::Socket::INET6 and it will try all available addresses. But I think this is a bad idea: If the service is only up for IPv4 and not for IPv6 but the lookup returns A and AAAA records then I consider the service as broken. Even if you use multihomed it could take forever to find out that A works but AAAA not (especially if the AAAA connections just times out and does not get a RST). So the service is unreliable and therefore broken and should be fixed instead of making the world work around the problem. If you don't trust IPv6 then you should not enable IPv6 on your system, in which case DNS lookups should only be done for A records. If you don't trust IPv6 for this connection you should force it to IPv4 (set Domain to AF_INET, not leave it to AF_UNSPEC)


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.