selection: fix TLS forwarding
authorŠtěpán Balážik <stepan.balazik@nic.cz>
Sat, 29 Aug 2020 16:32:01 +0000 (18:32 +0200)
committerŠtěpán Balážik <stepan.balazik@nic.cz>
Thu, 15 Oct 2020 11:22:21 +0000 (13:22 +0200)
lib/selection.c
modules/policy/policy.lua

index 7d9b0d12fa07766875033e463aebc5debe11e6ff..20eddcd19d0e2ea1cae9a6517786585fc274929c 100644 (file)
@@ -218,9 +218,18 @@ struct kr_transport *choose_transport(struct choice choices[],
         timeout *= 1 << timeouts;
     }
 
+    enum kr_transport_protocol protocol;
+    if (choices[choice].address_state->tls_capable) {
+        protocol = KR_TRANSPORT_TLS;
+    } else if (tcp) {
+        protocol = KR_TRANSPORT_TCP;
+    } else {
+        protocol = KR_TRANSPORT_UDP;
+    }
+
     *transport = (struct kr_transport) {
         .name = choices[choice].address_state->name,
-        .protocol = tcp ? KR_TRANSPORT_TCP : KR_TRANSPORT_UDP,
+        .protocol = protocol,
         .timeout = timeout,
     };
 
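Review bot: The new protocol choice falls through to plain TCP or UDP whenever `choices[choice].address_state->tls_capable` is false, and nothing in this hunk shows whether that fallback can be reached for a target configured through TLS_FORWARD. The place where `tls_capable` gets set is outside the hunk, so this needs confirming: if a forwarding target could arrive here with the flag clear, the query would leave in cleartext without any error. I would at least document the precedence above the `if`, for example `/* TLS wins over the tcp argument; a tls_capable address must never be sent as plain TCP/UDP. */`. choose_transport starts and continues outside the hunk.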
index 2179bba54629312294b3cad4ef149da61430679d..97aec93d7b4717d1a3dc91701e390b5f5a4fef24 100644 (file)
@@ -139,8 +139,6 @@ end
 function policy.TLS_FORWARD(targets)
        if type(targets) ~= 'table' or #targets < 1 then
                error('TLS_FORWARD argument must be a non-empty table')
-       elseif #targets > 4 then
-               error('TLS_FORWARD supports at most four targets (in a single call)')
        end
 
        local sockaddr_c_set = {}
@@ -176,7 +174,7 @@ function policy.TLS_FORWARD(targets)
                qry.flags.AWAIT_CUT = true
                req.options.TCP = true
                qry.flags.TCP = true
-               set_nslist(qry, nslist)
+               set_nslist(req, nslist)
                return state
        end
 end
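Review bot: The call site does not say why the target list is now attached to `req` instead of `qry`, and `set_nslist` is defined outside the hunk, so the reason for the scope change is invisible here. Since this is the policy that promises encrypted forwarding, a one-line comment would help the next reader, for example `-- targets live on the request so that every sub-query is forwarded to the same TLS upstreams` (adjust if the intent differs). The closure also sets only TCP flags on `req` and `qry`; whether TLS is actually used is decided elsewhere, which is worth stating in the same comment. The enclosing closure begins outside the hunk.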