I ran into an issue with the ai_protocol value in the mbedtls_net_connect() function. Used as is on an IPv4-enabled platform, the call to mbedtls_net_connect() returns error -0x066. That is caused by the line
hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
which, when the function is called with MBEDTLS_NET_PROTO_TCP for “proto”, sets hints.ai_protocol to IPPROTO_TCP, which is defined as 6.
Setting hints.ai_protocol manually to 0 makes everything work fine. I see the same done in Google’s GCP IoT library for example, where the mbedtls_net_connect() is reimplemented and the hints.ai_protocol is set to 0 as well.
Is this a bug in the code? I didn’t check if this works on Linux/Win or Cygwin as we are not using mbedTLS on those platforms.
mbedTLS version we are using is:
mbedTLS version: mbed TLS 2.16.6 branch released 2020-04-14
The code in question:
/*
 * Initiate a TCP connection with host:port and the given protocol
 */
int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
                         const char *port, int proto )
{
    int ret;
    struct addrinfo hints, *addr_list, *cur;

    if( ( ret = net_prepare() ) != 0 )
        return( ret );

    /* Do name resolution with both IPv6 and IPv4 */
    memset( &hints, 0, sizeof( hints ) );
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;

    if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );

    /* Try the sockaddrs until a connection succeeds */
    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
    {
        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
                                cur->ai_protocol );
        if( ctx->fd < 0 )
        {
            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
            continue;
        }
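
A small probe for the behaviour described in this post, added here as an example and not part of the original post or of Mbed TLS: it calls getaddrinfo() once with the explicit protocol hint that mbedtls_net_connect() sets and once with ai_protocol = 0, and reports the status and the ai_protocol that would reach socket(). The name probe_hints and the numeric sample endpoint are assumptions, chosen so the probe needs no DNS.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Constructed sample endpoint: numeric, so no DNS or network is needed. */
#define SAMPLE_HOST "127.0.0.1"
#define SAMPLE_PORT "443"

/* Resolve the sample endpoint with the given hints. Returns the getaddrinfo()
 * status (0 on success) and, on success, stores the ai_protocol of the first
 * result in *result_protocol (the value that would be passed to socket()). */
int probe_hints(int socktype, int hint_protocol, int *result_protocol)
{
    struct addrinfo hints, *list = NULL;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family   = AF_UNSPEC;
    hints.ai_socktype = socktype;
    hints.ai_protocol = hint_protocol;
    hints.ai_flags    = AI_NUMERICHOST | AI_NUMERICSERV;

    rc = getaddrinfo(SAMPLE_HOST, SAMPLE_PORT, &hints, &list);
    if (rc != 0)
        return rc;
    *result_protocol = list->ai_protocol;
    freeaddrinfo(list);
    return 0;
}

int main(void)
{
    int hints_to_try[2] = { IPPROTO_TCP, 0 };
    for (int i = 0; i < 2; i++) {
        int got = -1;
        int rc = probe_hints(SOCK_STREAM, hints_to_try[i], &got);
        if (rc == 0)
            printf("hint ai_protocol=%d: ok, result ai_protocol=%d\n", hints_to_try[i], got);
        else
            printf("hint ai_protocol=%d: getaddrinfo failed: %s\n", hints_to_try[i], gai_strerror(rc));
    }
    return 0;
}
```

If the first line reports a failure and the second succeeds, the platform's resolver rejects an explicit protocol hint, which matches what the post reports.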