[gnutls-help] Forcing IPv4 with gnutls-cli?

Manuel Pégourié-Gonnard mpg at polarssl.org
Fri Jul 11 02:33:46 CEST 2014


Hi,

Assume I want to connect to a DTLS server on localhost, that listens only in
IPv4. On IPv6-capable systems, localhost also resolves as ::1 and this is the
first address gnutls-cli tries. Unfortunately, with UDP it cannot detect that
no-one is listening on the other side, so it keeps trying to resend its
ClientHello to ::1 until it times out and exits with a failing status.

I can force the use of IPv4 by specifying the host as "127.0.0.1" instead of
"localhost" but then certificate validation fails.

(Of course the use of localhost here is only an example, the same issue arises
with any host whose name resolves to an IPv6 address too, but where the DTLS
server only listens in IPv4.)

I looked in the man page for one of the following options which would solve my
problem, but failed to find them.

1. Ability to force IPv4 or IPv6.
2. Ability to specify separately a name for certificate validation and an
address for the actual connection.

Am I missing something obvious?

Thanks in advance,
Manuel.

PS: now I'm looking into --tofu to work around the problem. Is there a way to
specify an alternative "known_hosts" file?
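
Added example, not part of the original message and not GnuTLS code: one way a client can combine the two options asked for above, restricting resolution to a single address family while keeping the host name, not the numeric address, as the identity the certificate is checked against. The `struct endpoint` type, the `resolve_forced_family` helper and the port number are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Hypothetical type: the address packets go to, kept apart from the name
 * the certificate must match. */
struct endpoint {
    struct sockaddr_storage addr;
    socklen_t addrlen;
    char addr_text[64];       /* numeric form of addr, for logging */
    const char *verify_name;  /* name to hand to the TLS library */
};

/* Resolve name for one address family only (AF_INET or AF_INET6).
 * Returns 0 and fills *ep on success, -1 if the name has no address in
 * that family. */
int resolve_forced_family(const char *name, const char *port, int family,
                          struct endpoint *ep)
{
    struct addrinfo hints, *res;

    memset(ep, 0, sizeof *ep);
    ep->verify_name = name;          /* never replaced by the numeric address */
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;        /* the "force IPv4/IPv6" switch */
    hints.ai_socktype = SOCK_DGRAM;  /* DTLS runs over UDP */
    if (getaddrinfo(name, port, &hints, &res) != 0)
        return -1;
    memcpy(&ep->addr, res->ai_addr, res->ai_addrlen);
    ep->addrlen = res->ai_addrlen;
    freeaddrinfo(res);
    return getnameinfo((struct sockaddr *)&ep->addr, ep->addrlen, ep->addr_text,
                       sizeof ep->addr_text, NULL, 0, NI_NUMERICHOST) ? -1 : 0;
}

int main(void)
{
    struct endpoint ep;  /* "localhost" and port 5556 are constructed sample values */
    if (resolve_forced_family("localhost", "5556", AF_INET, &ep) != 0)
        return 1;
    printf("send to %s, verify certificate against \"%s\"\n",
           ep.addr_text, ep.verify_name);
    return 0;
}
```

The caller opens its UDP socket to `addr` and gives `verify_name` to the TLS library's host name check, so forcing the address family does not require weakening certificate validation.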
