- Fix that TCP interface does not use TLS when TLS is also configured.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 7 Feb 2022 08:31:10 +0000 (09:31 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 7 Feb 2022 08:31:10 +0000 (09:31 +0100)
doc/Changelog
services/listen_dnsport.c

index 19a314c2c6f07b9b3b0e91a944fe999a30746f5c..f00a1b4a77d137e6b41b208e197b95b48ba694e6 100644 (file)
@@ -1,3 +1,6 @@
+7 February 2022: Wouter
+       - Fix that TCP interface does not use TLS when TLS is also configured.
+
 4 February 2022: Wouter
        - Fix #412: cache invalidation issue with CNAME+A.
 
index 983b96f09eec24637636275e7cfb70918f35b923..d6a90f1e68d86aafd2ad3b6ffeb99360f6d20dcf 100644 (file)
@@ -1369,17 +1369,17 @@ listen_create(struct comm_base* base, struct listen_port* ports,
        while(ports) {
                struct comm_point* cp = NULL;
                if(ports->ftype == listen_type_udp ||
-                  ports->ftype == listen_type_udp_dnscrypt)
+                  ports->ftype == listen_type_udp_dnscrypt) {
                        cp = comm_point_create_udp(base, ports->fd,
                                front->udp_buff, cb, cb_arg, ports->socket);
-               else if(ports->ftype == listen_type_tcp ||
-                               ports->ftype == listen_type_tcp_dnscrypt)
+               else if(ports->ftype == listen_type_tcp ||
+                               ports->ftype == listen_type_tcp_dnscrypt) {
                        cp = comm_point_create_tcp(base, ports->fd,
                                tcp_accept_count, tcp_idle_timeout,
                                harden_large_queries, 0, NULL,
                                tcp_conn_limit, bufsize, front->udp_buff,
                                ports->ftype, cb, cb_arg, ports->socket);
-               else if(ports->ftype == listen_type_ssl ||
+               else if(ports->ftype == listen_type_ssl ||
                        ports->ftype == listen_type_http) {
                        cp = comm_point_create_tcp(base, ports->fd,
                                tcp_accept_count, tcp_idle_timeout,
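Review bot: As rendered, the new side of this hunk does not balance its braces. The `+` line for the UDP branch now ends in `{`, but the `+` lines `else if(ports->ftype == listen_type_tcp ||` and `else if(ports->ftype == listen_type_ssl ||` are identical to the lines they replace and carry no closing `}`. The intended lines are presumably `} else if(...`, with the brace lost when the page was rendered, so compare against the repository before applying this text as a patch. `listen_create` starts before this hunk and continues past it.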
@@ -1410,15 +1410,22 @@ listen_create(struct comm_base* base, struct listen_port* ports,
 #endif
                        }
                } else if(ports->ftype == listen_type_udpancil ||
-                                 ports->ftype == listen_type_udpancil_dnscrypt)
+                                 ports->ftype == listen_type_udpancil_dnscrypt) {
                        cp = comm_point_create_udp_ancil(base, ports->fd,
                                front->udp_buff, cb, cb_arg, ports->socket);
+               }
                if(!cp) {
                        log_err("can't create commpoint");
                        listen_delete(front);
                        return NULL;
                }
-               if(http_notls && ports->ftype == listen_type_http)
+               if((http_notls && ports->ftype == listen_type_http) ||
+                       (ports->ftype == listen_type_tcp) ||
+                       (ports->ftype == listen_type_udp) ||
+                       (ports->ftype == listen_type_udpancil) ||
+                       (ports->ftype == listen_type_tcp_dnscrypt) ||
+                       (ports->ftype == listen_type_udp_dnscrypt) ||
+                       (ports->ftype == listen_type_udpancil_dnscrypt))
                        cp->ssl = NULL;
                else
                        cp->ssl = sslctx;
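Review bot: The final `else` assigns `cp->ssl = sslctx` to every type not named in the plaintext list, and nothing in this hunk checks that `sslctx` is non-NULL for a `listen_type_ssl` port. If it can be NULL there, that port would presumably accept cleartext on a listener the operator designated for TLS. Whether the elided lines between the two hunks or the caller of `listen_create` already reject that case is not visible here, so it is worth confirming. The six-way plaintext list also means any listen type added later receives the TLS context by default, which deserves a comment above the condition, e.g. `/* plaintext transports never get the TLS context; every other type, including future ones, does */`. The body of `listen_create` starts and ends outside this hunk.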