diff -up openssl-1.0.2a/apps/s_apps.h.ipv6-apps openssl-1.0.2a/apps/s_apps.h

--- openssl-1.0.2a/apps/s_apps.h.ipv6-apps	2015-04-20 15:01:24.029120104 +0200

+++ openssl-1.0.2a/apps/s_apps.h	2015-04-20 15:05:00.353137701 +0200

@@ -151,7 +151,7 @@ typedef fd_mask fd_set;

 #define PORT_STR        "4433"

 #define PROTOCOL        "tcp"

-int do_server(int port, int type, int *ret,

+int do_server(char *port, int type, int *ret,

               int (*cb) (char *hostname, int s, int stype,

                          unsigned char *context), unsigned char *context,

               int naccept);

@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SS

 int ssl_print_curves(BIO *out, SSL *s, int noshared);

 #endif

 int ssl_print_tmp_key(BIO *out, SSL *s);

-int init_client(int *sock, char *server, int port, int type);

+int init_client(int *sock, char *server, char *port, int type);

 int should_retry(int i);

 int extract_port(char *str, short *port_ptr);

-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,

-                      short *p);

+int extract_host_port(char *str, char **host_ptr, char **port_ptr);

 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,

                                    int argi, long argl, long ret);

diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c

--- openssl-1.0.2a/apps/s_client.c.ipv6-apps	2015-04-20 15:01:24.022119942 +0200

+++ openssl-1.0.2a/apps/s_client.c	2015-04-20 15:06:42.338503234 +0200

@@ -662,7 +662,7 @@ int MAIN(int argc, char **argv)

     int cbuf_len, cbuf_off;

     int sbuf_len, sbuf_off;

     fd_set readfds, writefds;

-    short port = PORT;

+    char *port_str = PORT_STR;

     int full_log = 1;

     char *host = SSL_HOST_NAME;

     char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;

@@ -785,13 +785,11 @@ int MAIN(int argc, char **argv)

         } else if (strcmp(*argv, "-port") == 0) {

             if (--argc < 1)

                 goto bad;

-            port = atoi(*(++argv));

-            if (port == 0)

-                goto bad;

+            port_str = *(++argv);

         } else if (strcmp(*argv, "-connect") == 0) {

             if (--argc < 1)

                 goto bad;

-            if (!extract_host_port(*(++argv), &host, NULL, &port))

+            if (!extract_host_port(*(++argv), &host, &port_str))

                 goto bad;

         } else if (strcmp(*argv, "-verify") == 0) {

             verify = SSL_VERIFY_PEER;

@@ -1417,7 +1415,7 @@ int MAIN(int argc, char **argv)

  re_start:

-    if (init_client(&s, host, port, socket_type) == 0) {

+    if (init_client(&s, host, port_str, socket_type) == 0) {

         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());

         SHUTDOWN(s);

         goto end;

diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c

--- openssl-1.0.2a/apps/s_server.c.ipv6-apps	2015-04-20 15:01:24.030120127 +0200

+++ openssl-1.0.2a/apps/s_server.c	2015-04-20 15:10:47.245187746 +0200

@@ -1061,7 +1061,7 @@ int MAIN(int argc, char *argv[])

 {

     X509_VERIFY_PARAM *vpm = NULL;

     int badarg = 0;

-    short port = PORT;

+    char *port_str = PORT_STR;

     char *CApath = NULL, *CAfile = NULL;

     char *chCApath = NULL, *chCAfile = NULL;

     char *vfyCApath = NULL, *vfyCAfile = NULL;

@@ -1148,7 +1148,8 @@ int MAIN(int argc, char *argv[])

         if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {

             if (--argc < 1)

                 goto bad;

-            if (!extract_port(*(++argv), &port))

+            port_str = *(++argv);

+            if (port_str == NULL || *port_str == '\0')

                 goto bad;

         } else if (strcmp(*argv, "-naccept") == 0) {

             if (--argc < 1)

@@ -2020,13 +2021,13 @@ int MAIN(int argc, char *argv[])

     BIO_printf(bio_s_out, "ACCEPT\n");

     (void)BIO_flush(bio_s_out);

     if (rev)

-        do_server(port, socket_type, &accept_socket, rev_body, context,

+        do_server(port_str, socket_type, &accept_socket, rev_body, context,

                   naccept);

     else if (www)

-        do_server(port, socket_type, &accept_socket, www_body, context,

+        do_server(port_str, socket_type, &accept_socket, www_body, context,

                   naccept);

     else

-        do_server(port, socket_type, &accept_socket, sv_body, context,

+        do_server(port_str, socket_type, &accept_socket, sv_body, context,

                   naccept);

     print_stats(bio_s_out, ctx);

     ret = 0;

diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c

--- openssl-1.0.2a/apps/s_socket.c.ipv6-apps	2015-03-19 14:30:36.000000000 +0100

+++ openssl-1.0.2a/apps/s_socket.c	2015-04-20 15:32:53.960079507 +0200

@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha

 static void ssl_sock_cleanup(void);

 # endif

 static int ssl_sock_init(void);

-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);

-static int init_server(int *sock, int port, int type);

-static int init_server_long(int *sock, int port, char *ip, int type);

+static int init_server(int *sock, char *port, int type);

 static int do_accept(int acc_sock, int *sock, char **host);

 static int host_ip(char *str, unsigned char ip[4]);

@@ -231,65 +229,66 @@ static int ssl_sock_init(void)

     return (1);

 }

-int init_client(int *sock, char *host, int port, int type)

+int init_client(int *sock, char *host, char *port, int type)

 {

-    unsigned char ip[4];

-

-    memset(ip, '\0', sizeof ip);

-    if (!host_ip(host, &(ip[0])))

-        return 0;

-    return init_client_ip(sock, ip, port, type);

-}

-

-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)

-{

-    unsigned long addr;

-    struct sockaddr_in them;

-    int s, i;

+    struct addrinfo *res, *res0, hints;

+    char *failed_call = NULL;

+    int s;

+    int e;

     if (!ssl_sock_init())

         return (0);

-    memset((char *)&them, 0, sizeof(them));

-    them.sin_family = AF_INET;

-    them.sin_port = htons((unsigned short)port);

-    addr = (unsigned long)

-        ((unsigned long)ip[0] << 24L) |

-        ((unsigned long)ip[1] << 16L) |

-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);

-    them.sin_addr.s_addr = htonl(addr);

-

-    if (type == SOCK_STREAM)

-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);

-    else                        /* ( type == SOCK_DGRAM) */

-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

-

-    if (s == INVALID_SOCKET) {

-        perror("socket");

+    memset(&hints, '\0', sizeof(hints));

+    hints.ai_socktype = type;

+    hints.ai_flags = AI_ADDRCONFIG;

+

+    e = getaddrinfo(host, port, &hints, &res;;

+    if (e) {

+        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));

+        if (e == EAI_SYSTEM)

+            perror("getaddrinfo");

         return (0);

     }

+

+    res0 = res;

+    while (res) {

+        s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);

+        if (s == INVALID_SOCKET) {

+            failed_call = "socket";

+            goto nextres;

+        }

 # if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)

-    if (type == SOCK_STREAM) {

-        i = 0;

-        i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i));

-        if (i < 0) {

-            closesocket(s);

-            perror("keepalive");

-            return (0);

+        if (type == SOCK_STREAM) {

+            int i = 0;

+            i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,

+                           (char *)&i, sizeof(i));

+            if (i < 0) {

+                failed_call = "keepalive";

+                goto nextres;

+            }

         }

-    }

 # endif

-

-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {

-        closesocket(s);

-        perror("connect");

-        return (0);

+        if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) {

+            freeaddrinfo(res0);

+            *sock = s;

+            return (1);

+        }

+

+        failed_call = "socket";

+ nextres:

+        if (s != INVALID_SOCKET)

+            close(s);

+        res = res->ai_next;

     }

-    *sock = s;

-    return (1);

+    freeaddrinfo(res0);

+    closesocket(s);

+

+    perror(failed_call);

+    return (0);

 }

-int do_server(int port, int type, int *ret,

+int do_server(char *port, int type, int *ret,

               int (*cb) (char *hostname, int s, int stype,

                          unsigned char *context), unsigned char *context,

               int naccept)

@@ -328,69 +327,89 @@ int do_server(int port, int type, int *r

     }

 }

-static int init_server_long(int *sock, int port, char *ip, int type)

+static int init_server(int *sock, char *port, int type)

 {

-    int ret = 0;

-    struct sockaddr_in server;

-    int s = -1;

+    struct addrinfo *res, *res0 = NULL, hints;

+    char *failed_call = NULL;

+    int s = INVALID_SOCKET;

+    int e;

     if (!ssl_sock_init())

         return (0);

-    memset((char *)&server, 0, sizeof(server));

-    server.sin_family = AF_INET;

-    server.sin_port = htons((unsigned short)port);

-    if (ip == NULL)

-        server.sin_addr.s_addr = INADDR_ANY;

-    else

-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */

-# ifndef BIT_FIELD_LIMITS

-        memcpy(&server.sin_addr.s_addr, ip, 4);

-# else

-        memcpy(&server.sin_addr, ip, 4);

-# endif

-

-    if (type == SOCK_STREAM)

-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);

-    else                        /* type == SOCK_DGRAM */

-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

+    memset(&hints, '\0', sizeof(hints));

+    hints.ai_family = AF_INET6;

+ tryipv4:

+    hints.ai_socktype = type;

+    hints.ai_flags = AI_PASSIVE;

+

+    e = getaddrinfo(NULL, port, &hints, &res;;

+    if (e) {

+        if (hints.ai_family == AF_INET) {

+            fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));

+            if (e == EAI_SYSTEM)

+                perror("getaddrinfo");

+            return (0);

+        } else

+            res = NULL;

+    }

-    if (s == INVALID_SOCKET)

-        goto err;

+    res0 = res;

+    while (res) {

+        s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);

+        if (s == INVALID_SOCKET) {

+            failed_call = "socket";

+            goto nextres;

+        }

+        if (hints.ai_family == AF_INET6) {

+            int j = 0;

+            setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof j);

+        }

 # if defined SOL_SOCKET && defined SO_REUSEADDR

-    {

-        int j = 1;

-        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);

-    }

-# endif

-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {

-# ifndef OPENSSL_SYS_WINDOWS

-        perror("bind");

+        {

+            int j = 1;

+            setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);

+        }

 # endif

-        goto err;

+

+        if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {

+            failed_call = "bind";

+            goto nextres;

+        }

+        if (type == SOCK_STREAM && listen(s, 128) == -1) {

+            failed_call = "listen";

+            goto nextres;

+        }

+

+        *sock = s;

+        return (1);

+

+ nextres:

+        if (s != INVALID_SOCKET)

+            close(s);

+        res = res->ai_next;

     }

-    /* Make it 128 for linux */

-    if (type == SOCK_STREAM && listen(s, 128) == -1)

-        goto err;

-    *sock = s;

-    ret = 1;

- err:

-    if ((ret == 0) && (s != -1)) {

-        SHUTDOWN(s);

+    if (res0)

+        freeaddrinfo(res0);

+

+    if (s == INVALID_SOCKET) {

+        if (hints.ai_family == AF_INET6) {

+            hints.ai_family = AF_INET;

+            goto tryipv4;

+        }

+        perror("socket");

+        return (0);

     }

-    return (ret);

-}

-static int init_server(int *sock, int port, int type)

-{

-    return (init_server_long(sock, port, NULL, type));

+    perror(failed_call);

+    return (0);

 }

 static int do_accept(int acc_sock, int *sock, char **host)

 {

+    static struct sockaddr_storage from;

+    char buffer[NI_MAXHOST];

     int ret;

-    struct hostent *h1, *h2;

-    static struct sockaddr_in from;

     int len;

 /*      struct linger ling; */

@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int *

     ling.l_onoff=1;

     ling.l_linger=0;

     i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));

-    if (i < 0) { perror("linger"); return(0); }

+    if (i < 0) { closesocket(ret); perror("linger"); return(0); }

     i=0;

     i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));

-    if (i < 0) { perror("keepalive"); return(0); }

+    if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }

 */

     if (host == NULL)

         goto end;

-# ifndef BIT_FIELD_LIMITS

-    /* I should use WSAAsyncGetHostByName() under windows */

-    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,

-                       sizeof(from.sin_addr.s_addr), AF_INET);

-# else

-    h1 = gethostbyaddr((char *)&from.sin_addr,

-                       sizeof(struct in_addr), AF_INET);

-# endif

-    if (h1 == NULL) {

-        BIO_printf(bio_err, "bad gethostbyaddr\n");

+

+    if (getnameinfo((struct sockaddr *)&from, sizeof(from),

+                    buffer, sizeof(buffer), NULL, 0, 0)) {

+        BIO_printf(bio_err, "getnameinfo failed\n");

         *host = NULL;

         /* return(0); */

     } else {

-        if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {

+        if ((*host = (char *)OPENSSL_malloc(strlen(buffer) + 1)) == NULL) {

             perror("OPENSSL_malloc");

             closesocket(ret);

             return (0);

         }

-        BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);

-

-        h2 = GetHostByName(*host);

-        if (h2 == NULL) {

-            BIO_printf(bio_err, "gethostbyname failure\n");

-            closesocket(ret);

-            return (0);

-        }

-        if (h2->h_addrtype != AF_INET) {

-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");

-            closesocket(ret);

-            return (0);

-        }

+        strcpy(*host, buffer);

     }

  end:

     *sock = ret;

     return (1);

 }

-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,

-                      short *port_ptr)

+int extract_host_port(char *str, char **host_ptr, char **port_ptr)

 {

-    char *h, *p;

+    char *h, *p, *x;

-    h = str;

-    p = strchr(str, ':');

+    x = h = str;

+    if (*h == '[') {

+        h++;

+        p = strchr(h, ']');

+        if (p == NULL) {

+            BIO_printf(bio_err, "no ending bracket for IPv6 address\n");

+            return (0);

+        }

+        *(p++) = '\0';

+        x = p;

+    }

+    p = strchr(x, ':');

     if (p == NULL) {

         BIO_printf(bio_err, "no port defined\n");

         return (0);

     }

     *(p++) = '\0';

-    if ((ip != NULL) && !host_ip(str, ip))

-        goto err;

     if (host_ptr != NULL)

         *host_ptr = h;

+    if (port_ptr != NULL)

+        *port_ptr = p;

-    if (!extract_port(p, port_ptr))

-        goto err;

-    return (1);

- err:

-    return (0);

-}

-

-static int host_ip(char *str, unsigned char ip[4])

-{

-    unsigned int in[4];

-    int i;

-

-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==

-        4) {

-        for (i = 0; i < 4; i++)

-            if (in[i] > 255) {

-                BIO_printf(bio_err, "invalid IP address\n");

-                goto err;

-            }

-        ip[0] = in[0];

-        ip[1] = in[1];

-        ip[2] = in[2];

-        ip[3] = in[3];

-    } else {                    /* do a gethostbyname */

-        struct hostent *he;

-

-        if (!ssl_sock_init())

-            return (0);

-

-        he = GetHostByName(str);

-        if (he == NULL) {

-            BIO_printf(bio_err, "gethostbyname failure\n");

-            goto err;

-        }

-        /* cast to short because of win16 winsock definition */

-        if ((short)he->h_addrtype != AF_INET) {

-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");

-            return (0);

-        }

-        ip[0] = he->h_addr_list[0][0];

-        ip[1] = he->h_addr_list[0][1];

-        ip[2] = he->h_addr_list[0][2];

-        ip[3] = he->h_addr_list[0][3];

-    }

-    return (1);

- err:

-    return (0);

-}

-

-int extract_port(char *str, short *port_ptr)

-{

-    int i;

-    struct servent *s;

-

-    i = atoi(str);

-    if (i != 0)

-        *port_ptr = (unsigned short)i;

-    else {

-        s = getservbyname(str, "tcp");

-        if (s == NULL) {

-            BIO_printf(bio_err, "getservbyname failure for %s\n", str);

-            return (0);

-        }

-        *port_ptr = ntohs((unsigned short)s->s_port);

-    }

     return (1);

 }