OpenSSL’s tools don’t support IPv6, patches unmerged without reason for 5 years

This post is about the 'openssl' tool that is provided with the OpenSSL library not supporting IPv6 - not OpenSSL itself! As far as I'm aware, IPv6 support has been provided by the library for a while.

The link's "getting angry" comment reminds me of this bug report bingo card: <a href="http://the-b.org/~kenny/bingo.txt" rel="nofollow">http://the-b.org/~kenny/bingo.txt</a><p>Which I just saw linked from this issue with an open source Android app: <a href="http://code.google.com/p/connectbot/issues/detail?id=100" rel="nofollow">http://code.google.com/p/connectbot/issues/detail?id=100</a><p>It's an amusing list of all the complaints and threats issue reporters make trying to get someone to do work for them for free. :)

Is there any way to read this without signing into a Google account. On my mobile device I am getting a prompt to sign into Google.

There are OpenSSL alternatives if you're prepared to walk the path less travelled.<p>One I've taken a shine to lately is PolarSSL[1], which has the nice quality that you can selectively compile only those modules you need. Consequently the API is quite simplified and you can use it as a <i>library</i> rather than put up with the framework-y bookkeeping OpenSSL requires.<p>I wrote a small wrapper to access the SHA-384/512 component in Lua[2]. Compared to a 500k+ OpenSSL .so, the PolarSSL version weighs in at 22k. It was a great learning experience.<p>[1] <a href="http://polarssl.org/" rel="nofollow">http://polarssl.org/</a> [2] <a href="https://github.com/jchester/lua-polarssl" rel="nofollow">https://github.com/jchester/lua-polarssl</a>

Five years is a long time. However, with something as important as OpenSSL, some degree of discretion and evaluation should be done before patches are merged.<p>Does anyone know the reason for the delay? I can't imagine that it's just them being lazy, for instance. Maybe they don't have the time and resources to properly analyze something as critical as this?<p>Edit: I guess what I mean to say is, for OpenSSL I'd rather have no feature than a feature with a security vulnerability.

OpenSSL's command line tools are so antequated and annoying that I can't help thinking that they're being held back by the Powers That Be so as to discourage casual crypto.

This annoyed me recently as I was attempting to test a daemon that was running on IPv6 only. Ended up using some netcat magic to bounce it from IPv4 to IPv6...