daemon/io: set proper ALPN for dot and doh
authorTomas Krizek <tomas.krizek@nic.cz>
Wed, 12 Aug 2020 11:11:31 +0000 (13:11 +0200)
committerTomas Krizek <tomas.krizek@nic.cz>
Tue, 13 Oct 2020 10:55:23 +0000 (12:55 +0200)
daemon/io.c

index c7aa8d534fc69de2a908f0c60ad34f7f00687b33..8ffaa303ea61ee3b002d63189e474797b3fde297 100644 (file)
@@ -457,6 +457,22 @@ static void _tcp_accept(uv_stream_t *master, int status, bool tls, bool http)
                        }
                        ctx->c.session = s;
                        ctx->c.handshake_state = TLS_HS_IN_PROGRESS;
+
+                       /* Configure ALPN. */
+                       gnutls_datum_t proto;
+                       if (!http) {
+                               proto.data = (unsigned char *)"dot";
+                               proto.size = 3;
+                       } else {
+                               proto.data = (unsigned char *)"h2";
+                               proto.size = 2;
+                       }
+                       ret = gnutls_alpn_set_protocols(ctx->c.tls_session, &proto, 1, GNUTLS_ALPN_MANDATORY);
+                       if (ret != GNUTLS_E_SUCCESS) {
+                               session_close(s);
+                               return;
+                       }
+
                        session_tls_set_server_ctx(s, ctx);
                }
        }
@@ -470,20 +486,6 @@ static void _tcp_accept(uv_stream_t *master, int status, bool tls, bool http)
                                session_close(s);
                                return;
                        }
-
-                       struct tls_ctx_t *tls_ctx = session_tls_get_server_ctx(s);
-                       if (tls_ctx) {
-                               const gnutls_datum_t protos[] = {
-                                       {(unsigned char *)"h2", 2}
-                               };
-                               ret = gnutls_alpn_set_protocols(tls_ctx->c.tls_session,
-                                                               protos, sizeof(protos)/sizeof(*protos),
-                                                                                               0);
-                               if (ret != GNUTLS_E_SUCCESS) {
-                                       session_close(s);
-                                       return;
-                               }
-                       }
                        session_http_set_server_ctx(s, ctx);
                }
        }
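Review bot: The GNUTLS_ALPN_MANDATORY flag on L24 is applied to the DoT branch as well as the h2 branch, which — if GnuTLS treats an absent ALPN extension as a mismatch under that flag — would make the handshake fail for DoT clients that send no ALPN at all; RFC 7858 does not require "dot" ALPN, and the removed h2 code (second hunk) passed flags of 0, so this is a behaviour change worth confirming against GnuTLS's handling of a missing extension. If strictness is only wanted for DoH, one line fixes it: `ret = gnutls_alpn_set_protocols(ctx->c.tls_session, &proto, 1, http ? GNUTLS_ALPN_MANDATORY : 0);`. A short comment on the flag choice would also help the next reader, e.g. `/* ALPN is mandatory for DoH (h2); DoT clients may omit it. */`. The failure path at L25-L28 closes the session without logging the GnuTLS error, which will make ALPN-related handshake rejections hard to diagnose in the field. _tcp_accept begins and ends outside both hunks.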