Fix some IPv6 proxy issues

drwetter · drwetter · commit 18da1b8df506 · 2025-03-25T19:13:30.000+01:00
As a quick hack this PR enables *basically* the IPv6 proxy which results that testssl.sh will use an IPv6 proxy when * the binary supports that * the binary is used an not tls_sockets() * there's no A record but an AAAA record of the proxy or an IPv6 address as proxy address was specified. The latter should guarantee that it doesn't break anything. However tls_sockets() still uses IPv4 for the connection to the proxy. See #1105
diff --git a/testssl.sh b/testssl.sh
@@ -21962,17 +21962,23 @@ check_proxy() {
           # strip off http/https part if supplied:
           PROXY="${PROXY/http\:\/\//}"
           PROXY="${PROXY/https\:\/\//}"      # this shouldn't be needed
+          PROXYPORT="${PROXY##*:}"
           PROXYNODE="${PROXY%:*}"
-          PROXYPORT="${PROXY#*:}"
           is_number "$PROXYPORT" || fatal "Proxy port cannot be determined from \"$PROXY\"" $ERR_CMDLINE
 
-          #if is_ipv4addr "$PROXYNODE" || is_ipv6addr "$PROXYNODE" ; then
-          # IPv6 via openssl -proxy: that doesn't work. Sockets does
-#FIXME: finish this with LibreSSL which supports an IPv6 proxy
+          #FIXME: finish this with IPv6 proxy support, see #1105.
           if is_ipv4addr "$PROXYNODE"; then
                PROXYIP="$PROXYNODE"
+          elif is_ipv6addr "$PROXYNODE"; then
+               # Maybe an option like --proxy6 is better for purists
+               PROXYIP="[$PROXYNODE]"
           else
+               # We check now preferred whether there was an IPv4 proxy via DNS specified
+               # If it fails it could be an IPv6 only proxy via DNS or we just can't reach the proxy
                PROXYIP="$(get_a_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //')"
+               if [[ -z "$PROXYIP" ]]; then
+                    PROXYIP="$(get_aaaa_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //')"
+               fi
                [[ -z "$PROXYIP" ]] && fatal "Proxy IP cannot be determined from \"$PROXYNODE\"" $ERR_CMDLINE
           fi
           PROXY="-proxy $PROXYIP:$PROXYPORT"
