From eb05334bdb1256149f4cc38c9ff3838cf2d1f9ad Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Tue, 12 Dec 2023 15:21:54 +0100
Subject: [PATCH] tcpiohandler: Added a comment explaining the HTTP/1.1 addition to ALPN

---
 pdns/tcpiohandler.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 8435913e85..bb038e64c5 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -1815,7 +1815,12 @@ bool setupDoHProtocolNegotiation(std::shared_ptr& ctx)
 if (ctx == nullptr) {
 return false;
 }
- /* we want to set the ALPN to doh */
+ /* This code is only called for incoming/server TLS contexts (not outgoing/client),
+ and h2o sets it own ALPN values.
+ We want to set the ALPN for DoH:
+ - HTTP/1.1 so that the OpenSSL callback ALPN accepts it, letting us later return a static response
+ - HTTP/2
+ */
 const std::vector> dohAlpns{{'h', '2'},{'h', 't', 't', 'p', '/', '1', '.', '1'}};
 ctx->setALPNProtos(dohAlpns);

--
2.47.2
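Review bot: The new comment above `dohAlpns` lists HTTP/1.1 first and HTTP/2 second, while the vector on the following line is ordered `h2` then `http/1.1`. If the ALPN selection callback honours the server's list order (the callback is not visible in this hunk), that order is the negotiation preference, so the bullets should follow the vector and say that `h2` is preferred. The comment would also serve future maintainers better if it stated outright that HTTP/1.1 is presumably advertised only so the handshake completes and a static response can be sent, not as a transport on which DoH queries are answered, e.g. `- HTTP/1.1 (fallback only): accepted by the OpenSSL ALPN callback so that we can later return a static response`. Two wording fixes in the same comment: `it own` should read `its own`, and `OpenSSL callback ALPN` should read `OpenSSL ALPN callback`. The body of setupDoHProtocolNegotiation continues outside the hunk.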