Use the AI_ADDRCONFIG flag in tls_connect(). This tells the resolver

to ignore unsupported address families - eg. don't resolv IPv6 on IPv4-only hosts. OK jsing@
author: reyk <reyk@openbsd.org> 2015-02-08 04:12:34 +0000
committer: reyk <reyk@openbsd.org> 2015-02-08 04:12:34 +0000
commit: 6c6e775bcf78fb0d7e7347e57a0064797bcebed0 (patch)
tree: 2239e688280b020d047250a8407c80278155f1c6 /lib/libtls
parent: Hilarious! We are not ready yet for large stack random biases, due to (diff)
download: wireguard-openbsd-6c6e775bcf78fb0d7e7347e57a0064797bcebed0.tar.xz
wireguard-openbsd-6c6e775bcf78fb0d7e7347e57a0064797bcebed0.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libtls/tls_client.c b/lib/libtls/tls_client.c
index 85733cdd5e8..0894ce63336 100644
--- a/lib/libtls/tls_client.c
+++ b/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.11 2015/02/07 09:50:09 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.12 2015/02/08 04:12:34 reyk Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -82,6 +82,7 @@ tls_connect(struct tls *ctx, const char *host, const char *port)
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = AF_UNSPEC;
 	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_flags = AI_ADDRCONFIG;
 
 	if ((ret = getaddrinfo(h, p, &hints, &res0)) != 0) {
 		tls_set_error(ctx, "%s", gai_strerror(ret));
author	reyk <reyk@openbsd.org>	2015-02-08 04:12:34 +0000
committer	reyk <reyk@openbsd.org>	2015-02-08 04:12:34 +0000
commit	6c6e775bcf78fb0d7e7347e57a0064797bcebed0 (patch)
tree	2239e688280b020d047250a8407c80278155f1c6 /lib/libtls
parent	Hilarious! We are not ready yet for large stack random biases, due to (diff)
download	wireguard-openbsd-6c6e775bcf78fb0d7e7347e57a0064797bcebed0.tar.xz wireguard-openbsd-6c6e775bcf78fb0d7e7347e57a0064797bcebed0.zip