Improve IPv6 address handling in ocspserve

When setting an IPv6 address to listing on via the -address command-line argument for both serve and ocspserve, the latter errors with "listen tcp: address ::1:8889: too many colons in address" unless it is escaped. However, the former uses the net library to process the address and port, which results in the enforced escaping of IPv6 addresses regardless of if the address is already enclosed in square brackets (e.g. [::1]). This changes oscpserve to use the same net library call as serve to provide consistency between the two calls when handling IPv6 addresses.
cloudflare · May 8, 2021 · 00a28f6 · 00a28f6
1 parent 6dd12c2
commit 00a28f6
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/cli/ocspserve/ocspserve.go b/cli/ocspserve/ocspserve.go
@@ -3,8 +3,9 @@ package ocspserve
 
 import (
 	"errors"
-	"fmt"
+	"net"
 	"net/http"
+	"strconv"
 
 	"github.com/cloudflare/cfssl/cli"
 	"github.com/cloudflare/cfssl/log"
@@ -53,7 +54,7 @@ func ocspServerMain(args []string, c cli.Config) error {
 	log.Info("Registering OCSP responder handler")
 	http.Handle(c.Path, ocsp.NewResponder(src, nil))
 
-	addr := fmt.Sprintf("%s:%d", c.Address, c.Port)
+	addr := net.JoinHostPort(c.Address, strconv.Itoa(c.Port))
 	log.Info("Now listening on ", addr)
 	return http.ListenAndServe(addr, nil)
 }