Supplying of both -6 and --ip=one results in picking an IPv6 address

... previously it depended on the order of DNS replies otherwise. This was
one outcome of discussion in #1026 where it seemed more logical
to pick an IPv6 address as opposed to an arbitrary (v4/v6) address.
Dirk 2018-08-16 12:03:56 +02:00
parent efa56a34f2
commit 5837e82c85
4 changed files with 15 additions and 12 deletions


@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "TESTSSL" "1" "June 2018" "" ""
.TH "TESTSSL" "1" "August 2018" "" ""
.
.SH "NAME"
\fBtestssl\fR
@ -128,7 +128,7 @@ Please note that the content of \fBfname\fR has to be in Unix format\. DOS carri
\fB\-\-mx <domain|host>\fR tests all MX records (STARTTLS, port 25) from high to low priority one after the other\.
.
.P
\fB\-\-ip <ip>\fR tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in \fB<URI>\fR\. IPv6 addresses needs to be in square brackets\. \fB\-\-ip=one\fR means: just test the first DNS returns (useful for multiple IPs)\. It\'s also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit \fB/etc/hosts\fR or \fB/c/Windows/System32/drivers/etc/hosts\fR\. \fB\-\-ip=proxy\fR tries a DNS resolution via proxy\.
\fB\-\-ip <ip>\fR tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in \fB<URI>\fR\. IPv6 addresses needs to be in square brackets\. \fB\-\-ip=one\fR means: just test the first DNS returns (useful for multiple IPs)\. If \fB\-6\fR was supplied too, an IPv6 address is being picked if available and supported by the openssl binary\. It might be also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit \fB/etc/hosts\fR or \fB/c/Windows/System32/drivers/etc/hosts\fR\. \fB\-\-ip=proxy\fR tries a DNS resolution via proxy\.
.
.P
\fB\-\-proxy <host>:<port>\fR does the whole check via the specified HTTP proxy\. \fB\-\-proxy=auto\fR inherits the proxy setting from the environment\. Proxying via IPv6 addresses is not possible\. The hostname supplied will only be resolved to the first A record\. Authentication to the proxy is not supported\. In addition if you want lookups via proxy you can specify \fBDNS_VIA_PROXY=true\fR\.
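Review bot: the `--ip=one` paragraph still says "just test the first DNS returns", which no longer describes the selection. Per the `determine_ip_addresses()` change in this commit, the first IPv6 address is taken when IPv6 is enabled and an AAAA result exists, otherwise the first IPv4 address. Suggest stating that order explicitly here, including what the user gets when `-6` is not supplied.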


@ -181,7 +181,7 @@ host.example.com:631
<p><code>--mx &lt;domain|host></code> tests all MX records (STARTTLS, port 25) from high to low priority one after the other.</p>
<p><code>--ip &lt;ip></code> tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in <code>&lt;URI></code>. IPv6 addresses needs to be in square brackets.
<code>--ip=one</code> means: just test the first DNS returns (useful for multiple IPs). It's also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit <code>/etc/hosts</code> or <code>/c/Windows/System32/drivers/etc/hosts</code>. <code>--ip=proxy</code> tries a DNS resolution via proxy.</p>
<code>--ip=one</code> means: just test the first DNS returns (useful for multiple IPs). If <code>-6</code> was supplied too, an IPv6 address is being picked if available and supported by the openssl binary. It might be also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit <code>/etc/hosts</code> or <code>/c/Windows/System32/drivers/etc/hosts</code>. <code>--ip=proxy</code> tries a DNS resolution via proxy.</p>
<p><code>--proxy &lt;host>:&lt;port></code> does the whole check via the specified HTTP proxy. <code>--proxy=auto</code> inherits the proxy setting from the environment. Proxying via IPv6 addresses is not possible. The hostname supplied will only be resolved to the first A record. Authentication to the proxy is not supported. In addition if you want lookups via proxy you can specify <code>DNS_VIA_PROXY=true</code>.</p>
@ -571,7 +571,7 @@ to create the hashes for HPKP.</li>
<ol class='man-decor man-foot man foot'>
<li class='tl'></li>
<li class='tc'>June 2018</li>
<li class='tc'>August 2018</li>
<li class='tr'>testssl(1)</li>
</ol>


@ -104,7 +104,7 @@ Please note that the content of `fname` has to be in Unix format. DOS carriage r
`--mx <domain|host>` tests all MX records (STARTTLS, port 25) from high to low priority one after the other.
`--ip <ip>` tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in `<URI>`. IPv6 addresses needs to be in square brackets.
`--ip=one` means: just test the first DNS returns (useful for multiple IPs). It's also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit `/etc/hosts` or `/c/Windows/System32/drivers/etc/hosts`. `--ip=proxy` tries a DNS resolution via proxy.
`--ip=one` means: just test the first DNS returns (useful for multiple IPs). If `-6` was supplied too, an IPv6 address is being picked if available and supported by the openssl binary. It might be also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit `/etc/hosts` or `/c/Windows/System32/drivers/etc/hosts`. `--ip=proxy` tries a DNS resolution via proxy.
`--proxy <host>:<port>` does the whole check via the specified HTTP proxy. `--proxy=auto` inherits the proxy setting from the environment. Proxying via IPv6 addresses is not possible. The hostname supplied will only be resolved to the first A record. Authentication to the proxy is not supported. In addition if you want lookups via proxy you can specify `DNS_VIA_PROXY=true`.
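Review bot: in the changed `--ip=one` line, the new `-6` sentence now sits between `--ip=one` and "It might be also useful if you want to resolve the supplied hostname to a different IP", so "It" reads as referring to `-6` or `--ip=one` although the hosts-file comparison describes `--ip <ip>`. Suggest moving the `-6` sentence to the end of the `--ip=one` explanation or naming the option in the following sentence ("`--ip <ip>` is also useful if ..."), and tightening "is being picked" to "is picked". The roff and HTML copies carry the same wording and should follow whatever is settled here.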


@ -16023,9 +16023,12 @@ determine_ip_addresses() {
if [[ -n "$CMDLINE_IP" ]]; then
# command line has supplied an IP address or "one"
if [[ "$CMDLINE_IP" == one ]]; then
# use first IPv4 or IPv6 address
CMDLINE_IP="$(head -1 <<< "$ip4")"
[[ -z "$CMDLINE_IP" ]] && CMDLINE_IP="$(head -1 <<< "$ip6")"
# use first IPv6 or IPv4 address
if "$HAS_IPv6" && [[ -n "$ip6" ]]; then
CMDLINE_IP="$(head -1 <<< "$ip6")"
else
CMDLINE_IP="$(head -1 <<< "$ip4")"
fi
fi
NODEIP="$CMDLINE_IP"
if is_ipv4addr "$NODEIP"; then
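Review bot: the `else` branch of the `--ip=one` block has no check for an empty result. The replaced lines fell back to `$ip6` when `$ip4` yielded nothing; now, if `$HAS_IPv6` is false (or `$ip6` is empty) and `$ip4` is empty as well, `CMDLINE_IP` becomes the empty string and is assigned to `NODEIP` before `is_ipv4addr "$NODEIP"` runs. Suggest testing `[[ -z "$CMDLINE_IP" ]]` after the `if/else` and stopping with a clear message there. The comment "use first IPv6 or IPv4 address" would also be more useful if it said that IPv6 is preferred only when `$HAS_IPv6` is true.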
@ -16382,14 +16385,14 @@ display_rdns_etc() {
outln "$(out_row_aligned_max_width "$further_ip_addrs" " $CORRECT_SPACES" $TERM_WIDTH)"
fi
if "$LOCAL_A"; then
outln " A record via $CORRECT_SPACES /etc/hosts "
outln " A record via: $CORRECT_SPACES /etc/hosts "
elif "$LOCAL_AAAA"; then
outln " AAAA record via $CORRECT_SPACES /etc/hosts "
outln " AAAA record via: $CORRECT_SPACES /etc/hosts "
elif [[ -n "$CMDLINE_IP" ]]; then
if is_ipv6addr $"$CMDLINE_IP"; then
outln " AAAA record via $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
outln " AAAA record via: $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
else
outln " A record via $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
outln " A record via: $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
fi
fi
if [[ "$rDNS" =~ instructed ]]; then
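Review bot: in the `elif [[ -n "$CMDLINE_IP" ]]` branch, the unchanged line `if is_ipv6addr $"$CMDLINE_IP"; then` uses `$"..."`, which is bash's locale-translation quoting and looks like a typo for `"$CMDLINE_IP"`. Since this commit makes that branch reachable with an IPv6 address chosen by `--ip=one`, it is worth fixing in the same change. Separately, adding the colon to "A record via:" and "AAAA record via:" lengthens the label by one character while `$CORRECT_SPACES` is unchanged, so please confirm the column still lines up with the neighbouring rows.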