Hi,

the server I connect to using stunnel has just been upgraded to IPv6. In the process an AAAA record was added to its DNS entry. The box I run stunnel on is IPv4-only, meaning, the kernel does not have any IPv6 support at all. The DNS stub resolver is still looking for AAAA records though. Consequently stunnel connections now fail about half of the time with error:

2016.11.18 20:10:57 LOG3[ui]: remote socket: Address family not supported by protocol (97)

From looking at client.c I can see that stunnel supports trying all

target addresses in turn but will bail if the socket cannot be created:

for(ind_try=0; ind_try<c->connect_addr.num; ind_try++) { c->fd=s_socket(c->connect_addr.addr[ind_cur].sa.sa_family, SOCK_STREAM, 0, 1, "remote socket"); if(c->fd==INVALID_SOCKET) longjmp(c->err, 1); [...] if(s_connect(c, &c->connect_addr.addr[ind_cur], [...] continue; /* next IP */ } [...] return fd; /* success! */

So I guess the problem would go away if I enabled IPv6 in the kernel of my client box: s_socket() would succeed but connect() would fail with ENETUNREACH.

But couldn't stunnel just continue with the next IP if s_socket() failed with EAFNOSUPPORT?