Re: s6-tlsserver versus $TCPLOCALPORT

From: Laurent Bercot <>
Date: Wed, 06 May 2020 10:16:32 +0000

>Hi. I ran into a problem while porting a service from William
>Baxter's ucspi-ssl to s6-tlsserver: $TCPLOCALPORT wasn't being set. I
>see that you've designed s6-tcpserver-access to handle setting that
>variable, but it doesn't work when run under s6-tlsserver, where it
>gets a pipe instead of the socket:

  Agh! That's a painful one, because it's a complete oversight on my
Thanks for the report, and sorry.

>It makes sense to have DNS/ident lookups and access control factored
>out into a separate program, but $TCPLOCALIP and $TCPLOCALPORT would
>have to be set directly in s6-tcpserver4d and s6-tcpserver6d, wouldn't

  Not necessarily, they can still be set in a separate program, but said
program would need to be invoked *before* s6-tlsd - the element that
creates the pipes to run the rest of the command line under.

  The problem here is that s6-tlsserver, which is a high-level command
that embeds several smaller ones, does not include s6-tcpserver-access
in the command line it is rewriting itself into. I wanted to keep the
symmetry with s6-tcpserver (and also not bother with parsing all the
s6-tcpserver-access options ^^'), so I left s6-tcpserver-access out of
what s6-tlsserver frontends for; but as you correctly point out, it was
a mistake, because you cannot chain s6-tlsserver into

  The fix is for s6-tlsserver to embed a s6-tcpserver-access call in the
command line, before the s6-tlsd one. I will work on it.

Received on Wed May 06 2020 - 10:16:32 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:38:49 UTC