dnsdist: Set the DoH ticket rotation delay before loading tickets

Before that change, we could have loaded DoH STEK from a file without
properly setting the next rotation, causing a ticket rotation to
happen during the first TLS session establishment.
This can be prevented by setting `ticketsKeysRotationDelay=0`.

diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc
index 6abf4b304e25e51326bb78fdc48e2d55b790fbab..781aac1c34d1e7cd1afbd93a013148a06e5f9456 100644 (file)
--- a/pdns/dnsdistdist/doh.cc
+++ b/pdns/dnsdistdist/doh.cc
@@ -1098,6 +1098,7 @@ static void setupTLSContext(DOHAcceptContext& acceptCtx,
 
   h2o_ssl_register_alpn_protocols(ctx.get(), h2o_http2_alpn_protocols);
 
+  acceptCtx.d_ticketsKeyRotationDelay = tlsConfig.d_ticketsKeyRotationDelay;
   if (tlsConfig.d_ticketKeyFile.empty()) {
     acceptCtx.handleTicketsKeyRotation();
   }