2

I cannot wrap my head around why this command does not work: 

openssl s_client -connect [fe80::xxxx:xxxx:xxxx:xxxx]:yyyy

Note: I have garbled the link local address above with x's, but I have some valid link local ipv6 address. yyyy is the port number.

I get the error:

1995535248:error:02002016:system library:connect:Invalid argument:../crypto/bio/b_sock2.c:108:
1995535248:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:109:
connect:errno=22

I also tried putting single/double quotes, but it resulted in the same error:

openssl s_client -connect '[fe80::xxxx:xxxx:xxxx:xxxx]:yyyy'

I'm using version OpenSSL 1.1.0f, which should have the support for IPv6.

Using IPv4 address, it works.

dcow
  • 7,765
  • 3
  • 45
  • 65
leopoodle
  • 2,110
  • 7
  • 24
  • 36
  • 2
    You can't use link-local addresses without specifying the link. Whether OpenSSL will understand that I don't know, but the example you gave above definitely won't work – Sander Steffann Feb 07 '18 at 19:57

1 Answers1

5

IPv6 link local addresses require a scope ID, but you don't seem to have one. Thus your address is invalid, and the error you received, Invalid argument, is literally the problem.

To fix it, add the correct scope ID, i.e. the interface you're connecting to. For example:

# openssl s_client -connect "[fe80::e1f5:ba3f:9ae5:4fe9%wlp5s0]:443"
CONNECTED(00000003)
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = localhost.localdomain, emailAddress = root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = localhost.localdomain, emailAddress = root@localhost.localdomain
verify return:1
Michael Hampton
  • 9,737
  • 4
  • 55
  • 96