From: Remi Gacogne Date: Mon, 20 May 2019 08:21:13 +0000 (+0200) Subject: dnsdist: Document that SNIRule will not work with h2o <= 2.3.0-beta X-Git-Tag: rec-4.2.0-rc1~3^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba45a22c4a10608bcf47b155ca0efd169d35c095;p=thirdparty%2Fpdns.git dnsdist: Document that SNIRule will not work with h2o <= 2.3.0-beta --- diff --git a/pdns/dnsdistdist/docs/reference/dq.rst b/pdns/dnsdistdist/docs/reference/dq.rst index d8f37c51ba..c19d6dad9b 100644 --- a/pdns/dnsdistdist/docs/reference/dq.rst +++ b/pdns/dnsdistdist/docs/reference/dq.rst @@ -96,7 +96,8 @@ This state can be modified from the various hooks. .. versionadded:: 1.4.0 - Return the TLS Server Name Indication (SNI) value sent by the client over DoT or DoH, if any + Return the TLS Server Name Indication (SNI) value sent by the client over DoT or DoH, if any. See :func:`SNIRule` + for more information, especially about the availability of SNI over DoH. :returns: A string containing the TLS SNI value, if any diff --git a/pdns/dnsdistdist/docs/rules-actions.rst b/pdns/dnsdistdist/docs/rules-actions.rst index 546063d311..746776da74 100644 --- a/pdns/dnsdistdist/docs/rules-actions.rst +++ b/pdns/dnsdistdist/docs/rules-actions.rst @@ -760,8 +760,10 @@ These ``DNSRule``\ s be one of the following items: .. versionadded:: 1.4.0 Matches against the TLS Server Name Indication value sent by the client, if any. Only makes - sense for DoT or DoH, and for that last one matching on the HTTP Host header might provide - more consistent results. + sense for DoT or DoH, and for that last one matching on the HTTP Host header using :func:`HTTPHeaderRule` + might provide more consistent results. + As of the version 2.3.0-beta of h2o, it is unfortunately not possible to extract the SNI value from DoH + connections, and it is therefore necessary to use the HTTP Host header until version 2.3.0 is released. :param str name: The exact SNI name to match.
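Review bot: In the dq.rst hunk, the new sentence on the SNI getter sends the reader to :func:`SNIRule` for the DoH limitation, but the entry itself still does not say what the call returns when no SNI is available; ":returns: A string containing the TLS SNI value, if any" leaves that open. Someone writing a Lua hook will read this entry rather than the rule reference, so the entry should state the return value for the no-SNI case and carry a one-line version of the h2o caveat, keeping the cross-reference for the details.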
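Review bot: In the rules-actions.rst hunk, the added text under SNIRule says the SNI value cannot be extracted from DoH connections with h2o 2.3.0-beta, but not what the rule does in that case. If it simply never matches, any policy keyed on SNIRule for a DoH frontend is silently skipped, and the text should say so explicitly, preferably in a note or warning directive so it stands out from the description. The phrasing "As of the version 2.3.0-beta of h2o ... until version 2.3.0 is released" is also tied to the commit date and will go stale; the subject line's "h2o <= 2.3.0-beta" is the more durable wording, for example "When built against h2o 2.3.0-beta or earlier, ...".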