IPv6 support for sslserver
This post is part of a series of posts dedicated to IPv6 support for qmail:
ucspi-ssl
The ucspi-ssl package provides the sslserver program. sslserver accepts incoming SSL connections and passes them to another program such as qmail-smtpd. sslserver is almost identical to tcpserver except that it deals with encrypted SSL traffic rather than clear text.
I could not find an IPv6 patch for sslserver; however, I was able to port the tcpserver patch to sslserver. You can easily apply my ucspi-ssl-0.70-ipv6.patch:
$ wget http://www.bltweb.net/qmail/ucspi-ssl-0.70-ipv6.patch
$ tar -xzf ucspi-ssl-0.70.tar.gz
$ cd host/superscript.com/net/ucspi-ssl-0.70
$ patch -p1 < ../../../../ucspi-ssl-0.70-ipv6.patch
$ package/compile
$ sudo package/install
sslserver
To understand what the sslserver portion of the IPv6 patch does, you should be familiar with the sslserver man page and read about how tcpserver handles IPv6 on Fefe’s ucspi-tcp page. Essentially, if a client connects via IPv4, sslserver exhibits its normal behavior. If a client connects via IPv6, the PROTO environment variable will be set to "SSL6" instead of "SSL".
The patch also supports using IPv6 addresses in your tcprules files. A new rule may look like this:
2001:470:1f0f:350::1:allow,GREETDELAY="0"
After applying this patch, you may notice that your logs are filled with addresses similar to ::ffff:192.168.1.1. This is because sslserver internally treats every IP address as an IPv6 address. IPv4 addresses are represented by their IPv4-mapped IPv6 address.
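When reviewing logs, the mapped form can be folded back to plain IPv4 so that existing IPv4 watch lists and searches still match. The Python below is an added example, not part of the patch or of ucspi-ssl; the function names, the sample log lines, and the watch list are constructed for illustration.

```python
import ipaddress


def normalize_peer(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def normalize_line(line):
    """Rewrite every space-separated token that parses as an IP address."""
    out = []
    for token in line.split(" "):
        try:
            out.append(str(normalize_peer(token)))
        except ValueError:
            out.append(token)  # not an address: keep the token unchanged
    return " ".join(out)


def matches_any(text, networks):
    """True if the normalized address falls inside any listed network."""
    addr = normalize_peer(text)
    return any(addr.version == n.version and addr in n for n in networks)


# Constructed sample lines (not real sslserver output). The second line
# uses the all-hex spelling of the same mapped address.
SAMPLE_LINES = [
    "pid 4242 from ::ffff:192.168.1.1",
    "pid 4243 from ::ffff:c0a8:101",
    "pid 4244 from 2001:470:1f0f:350::1",
]

# Constructed IPv4 watch list, written before the host spoke IPv6.
WATCHLIST = [ipaddress.ip_network("192.168.0.0/16")]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        peer = line.split(" ")[-1]
        print(normalize_line(line), "| watched:", matches_any(peer, WATCHLIST))
```

Native IPv6 peers pass through unchanged, so the same routine can sit in front of both IPv4 and IPv6 lists.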
Summary
If you have any comments, corrections, or questions, please feel free to leave a comment below. Remember, Gentoo users can apply all of my qmail patches automatically by using the ebuilds in my gentoo-overlay.
Once you’ve patched sslserver, you should move on to patching jgreylist for IPv6.