#2418: SecureServerSocket doesn't work with IpV6

2025-10-22 08:02:06 +02:00 · 2021-06-15 10:23:22 +02:00
parent 59ae91e5ba
commit 7917abf727
9 changed files with 355 additions and 70 deletions
--- a/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h
@@ -47,7 +47,7 @@ public:
 		/// with the client.
 		///
 		/// The client socket's address is returned in clientAddr.
-	
+
 	void connect(const SocketAddress& address);
 		/// Not supported by this kind of socket.
 		///
@@ -62,8 +62,18 @@ public:
 		/// Not supported by this kind of socket.
 		///
 		/// Throws a Poco::InvalidAccessException.
-	
-	void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
+
+	void bind(const SocketAddress& address, bool reuseAddress = false);
+		/// Bind a local address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. TCP clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+
+	void bind(const SocketAddress& address, bool reuseAddress, bool reusePort);
 		/// Bind a local address to the socket.
 		///
 		/// This is usually only done when establishing a server
@@ -76,7 +86,43 @@ public:
 		/// If reusePort is true, sets the SO_REUSEPORT
 		/// socket option.

-		
+	void bind6(const SocketAddress& address, bool reuseAddress = false, bool ipV6Only = false);
+		/// Bind a local IPv6 address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. TCP clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+		///
+		/// The given address must be an IPv6 address. The
+		/// IPPROTO_IPV6/IPV6_V6ONLY option is set on the socket
+		/// according to the ipV6Only parameter.
+		///
+		/// If the library has not been built with IPv6 support,
+		/// a Poco::NotImplementedException will be thrown.
+
+	void bind6(const SocketAddress& address, bool reuseAddress, bool reusePort, bool ipV6Only);
+		/// Bind a local IPv6 address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. TCP clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+		///
+		/// If reusePort is true, sets the SO_REUSEPORT
+		/// socket option.
+		///
+		/// The given address must be an IPv6 address. The
+		/// IPPROTO_IPV6/IPV6_V6ONLY option is set on the socket
+		/// according to the ipV6Only parameter.
+		///
+		/// If the library has not been built with IPv6 support,
+		/// a Poco::NotImplementedException will be thrown.
+
 	void listen(int backlog = 64);
 		/// Puts the socket into listening state.
 		///
@@ -89,27 +135,27 @@ public:

 	void close();
 		/// Close the socket.
-	
+
 	int sendBytes(const void* buffer, int length, int flags = 0);
 		/// Not supported by this kind of socket.
 		///
 		/// Throws a Poco::InvalidAccessException.
-	
+
 	int receiveBytes(void* buffer, int length, int flags = 0);
 		/// Not supported by this kind of socket.
 		///
 		/// Throws a Poco::InvalidAccessException.
-	
+
 	int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
 		/// Not supported by this kind of socket.
 		///
 		/// Throws a Poco::InvalidAccessException.
-	
+
 	int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
 		/// Not supported by this kind of socket.
 		///
 		/// Throws a Poco::InvalidAccessException.
-	
+
 	void sendUrgent(unsigned char data);
 		/// Not supported by this kind of socket.
 		///
@@ -118,7 +164,7 @@ public:
 	bool secure() const;
 		/// Returns true iff the socket's connection is secure
 		/// (using SSL or TLS).
-		
+
 	Context::Ptr context() const;
 		/// Returns the SSL context used by this socket.

--- a/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
@@ -56,29 +56,39 @@ public:
 		/// with the client.
 		///
 		/// The client socket's address is returned in clientAddr.
-	
+
 	void connect(const SocketAddress& address, bool performHandshake);
-		/// Initializes the socket and establishes a secure connection to 
+		/// Initializes the socket and establishes a secure connection to
 		/// the TCP server at the given address.
 		///
-		/// If performHandshake is true, the SSL handshake is performed immediately 
+		/// If performHandshake is true, the SSL handshake is performed immediately
 		/// after establishing the connection. Otherwise, the handshake is performed
 		/// the first time sendBytes(), receiveBytes() or completeHandshake() is called.

 	void connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake);
-		/// Initializes the socket, sets the socket timeout and 
+		/// Initializes the socket, sets the socket timeout and
 		/// establishes a secure connection to the TCP server at the given address.
 		///
-		/// If performHandshake is true, the SSL handshake is performed immediately 
+		/// If performHandshake is true, the SSL handshake is performed immediately
 		/// after establishing the connection. Otherwise, the handshake is performed
 		/// the first time sendBytes(), receiveBytes() or completeHandshake() is called.

 	void connectNB(const SocketAddress& address);
-		/// Initializes the socket and establishes a secure connection to 
+		/// Initializes the socket and establishes a secure connection to
 		/// the TCP server at the given address. Prior to opening the
 		/// connection the socket is set to nonblocking mode.

-	void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
+	void bind(const SocketAddress& address, bool reuseAddress = false);
+		/// Bind a local address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. TCP clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+
+	void bind(const SocketAddress& address, bool reuseAddress, bool reusePort);
 		/// Bind a local address to the socket.
 		///
 		/// This is usually only done when establishing a server
@@ -90,7 +100,44 @@ public:
 		///
 		/// If reusePort is true, sets the SO_REUSEPORT
 		/// socket option.
-		
+
+	void bind6(const SocketAddress& address, bool reuseAddress = false, bool ipV6Only = false);
+		/// Bind a local IPv6 address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. TCP clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+		///
+		/// The given address must be an IPv6 address. The
+		/// IPPROTO_IPV6/IPV6_V6ONLY option is set on the socket
+		/// according to the ipV6Only parameter.
+		///
+		/// If the library has not been built with IPv6 support,
+		/// a Poco::NotImplementedException will be thrown.
+
+	void bind6(const SocketAddress& address, bool reuseAddress, bool reusePort, bool ipV6Only);
+		/// Bind a local IPv6 address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. TCP clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+		///
+		/// If reusePort is true, sets the SO_REUSEPORT
+		/// socket option.
+		///
+		/// The given address must be an IPv6 address. The
+		/// IPPROTO_IPV6/IPV6_V6ONLY option is set on the socket
+		/// according to the ipV6Only parameter.
+		///
+		/// If the library has not been built with IPv6 support,
+		/// a Poco::NotImplementedException will be thrown.
+
 	void listen(int backlog = 64);
 		/// Puts the socket into listening state.
 		///
@@ -108,42 +155,42 @@ public:

 	void close();
 		/// Close the socket.
-		
+
 	void abort();
 		/// Aborts the connection by closing the
 		/// underlying TCP connection. No orderly SSL shutdown
 		/// is performed.
-	
+
 	int sendBytes(const void* buffer, int length, int flags = 0);
 		/// Sends the contents of the given buffer through
 		/// the socket. Any specified flags are ignored.
 		///
 		/// Returns the number of bytes sent, which may be
 		/// less than the number of bytes specified.
-	
+
 	int receiveBytes(void* buffer, int length, int flags = 0);
 		/// Receives data from the socket and stores it
 		/// in buffer. Up to length bytes are received.
 		///
 		/// Returns the number of bytes received.
-		
+
 	int available() const;
 		/// Returns the number of bytes available from the
 		/// SSL buffer for immediate reading.
-	
+
 	int completeHandshake();
 		/// Completes the SSL handshake.
 		///
 		/// If the SSL connection was the result of an accept(),
 		/// the server-side handshake is completed, otherwise
-		/// a client-side handshake is performed. 
-		
+		/// a client-side handshake is performed.
+
 	poco_socket_t sockfd();
 		/// Returns the underlying socket descriptor.

 	X509* peerCertificate() const;
 		/// Returns the peer's certificate.
-		
+
 	Context::Ptr context() const;
 		/// Returns the SSL context used for this socket.

@@ -158,17 +205,17 @@ public:

 	void setPeerHostName(const std::string& hostName);
 		/// Sets the peer host name for certificate validation purposes.
-		
+
 	const std::string& getPeerHostName() const;
 		/// Returns the peer host name.
-		
+
 	Session::Ptr currentSession();
 		/// Returns the SSL session of the current connection,
 		/// for reuse in a future connection (if session caching
 		/// is enabled).
 		///
 		/// If no connection is established, returns null.
-		
+
 	void useSession(Session::Ptr pSession);
 		/// Sets the SSL session to use for the next
 		/// connection. Setting a previously saved Session
@@ -178,31 +225,31 @@ public:
 		/// can be given.
 		///
 		/// Must be called before connect() to be effective.
-		
+
 	bool sessionWasReused();
 		/// Returns true iff a reused session was negotiated during
 		/// the handshake.
-		
+
 protected:
 	void acceptSSL();
 		/// Performs a server-side SSL handshake and certificate verification.

 	void connectSSL(bool performHandshake);
-		/// Performs a client-side SSL handshake and establishes a secure 
+		/// Performs a client-side SSL handshake and establishes a secure
 		/// connection over an already existing TCP connection.
-	
+
 	long verifyPeerCertificateImpl(const std::string& hostName);
 		/// Performs post-connect (or post-accept) peer certificate validation.
-		
+
 	static bool isLocalHost(const std::string& hostName);
-		/// Returns true iff the given host name is the local host 
+		/// Returns true iff the given host name is the local host
 		/// (either "localhost" or "127.0.0.1").

 	bool mustRetry(int rc);
 		/// Returns true if the last operation should be retried,
 		/// otherwise false.
 		///
-		/// In case of an SSL_ERROR_WANT_READ error, and if the socket is 
+		/// In case of an SSL_ERROR_WANT_READ error, and if the socket is
 		/// blocking, waits for the underlying socket to become readable.
 		///
 		/// In case of an SSL_ERROR_WANT_WRITE error, and if the socket is
@@ -216,7 +263,7 @@ protected:
 		/// Handles an SSL error by throwing an appropriate exception.

 	void reset();
-		/// Prepares the socket for re-use. 
+		/// Prepares the socket for re-use.
 		///
 		/// After closing and resetting a socket, the socket can
 		/// be used for a new connection.
@@ -224,7 +271,7 @@ protected:
 		/// Note that simply closing a socket is not sufficient
 		/// to be able to re-use it again.

-private:	
+private:
 	SecureSocketImpl(const SecureSocketImpl&);
 	SecureSocketImpl& operator = (const SecureSocketImpl&);

@@ -234,7 +281,7 @@ private:
 	bool _needHandshake;
 	std::string _peerHostName;
 	Session::Ptr _pSession;
-	
+
 	friend class SecureStreamSocketImpl;
 };