I just pushed a fix. It was an interesting quirk. The API for accepet includes a pointer and length to a place to put the IP Address of the remote site. The type of that place is struct sockaddr. sockaddr is generic, presumably big enough for the biggest address format. They botched something, I'm not sure what. A sockaddr isn't big enough for an IPv6 address.
I also added a missing free in the openssl area. I'm not sure how many are still missing. Much of our stuff gets free-ed. There isn't a cleanup hook for the NTS stuff. Anybody good at tracking this stuff? There is a tool. I forget the name. I'd probably run it with a bare system, then again with several NTS clients and look for differences. Then similar for the server side. FreeBSD is still using OpenSSL 1.1.1a which doesn't work for making S2C and C2S. It does work if you force TLS1.2 -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
