The references to the dns_server are now setup after the tls connection is setup.
This ensures that the stream got fully stopped when the initial tls setup failed
instead of having the unref being blocked by the reference to the stream by the server.
Therefore on_stream_io would no longer be called with a half setup encrypted connection.
Fixes the issue reported in #9838.
fd = -1;
- if (t->server) {
- dns_stream_unref(t->server->stream);
- t->server->stream = dns_stream_ref(s);
- s->server = dns_server_ref(t->server);
- }
-
#if ENABLE_DNS_OVER_TLS
if (DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level)) {
assert(t->server);
}
#endif
+ if (t->server) {
+ dns_stream_unref(t->server->stream);
+ t->server->stream = dns_stream_ref(s);
+ s->server = dns_server_ref(t->server);
+ }
+
s->complete = on_stream_complete;
s->on_packet = dns_stream_on_packet;