errlog("Fatal error in outgoing DoH thread: %s", e.what());
}
}
-
-static bool select_next_proto_callback(unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen)
-{
- if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) {
- vinfolog("The remote DoH backend did not advertise " NGHTTP2_PROTO_VERSION_ID);
- return false;
- }
- return true;
-}
-
#endif /* HAVE_DNS_OVER_HTTPS && HAVE_NGHTTP2 */
struct DoHClientCollection::DoHWorkerThread
/* we want to set the ALPN to h2, if only to mitigate the ALPACA attack */
const std::vector<std::vector<uint8_t>> h2Alpns = {{'h', '2'}};
ctx->setALPNProtos(h2Alpns);
- ctx->setNextProtocolSelectCallback(select_next_proto_callback);
return true;
#else /* HAVE_DNS_OVER_HTTPS && HAVE_NGHTTP2 */
return false;
#endif /* HAVE_SSL_CTX_SET_KEYLOG_CALLBACK */
}
-/* called in a client context, if the client advertised more than one ALPN values and the server returned more than one as well, to select the one to use. */
-#ifndef DISABLE_NPN
-void libssl_set_npn_select_callback(SSL_CTX* ctx, int (*cb)(SSL* s, unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg), void* arg)
-{
-#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
- SSL_CTX_set_next_proto_select_cb(ctx, cb, arg);
-#endif
-}
-#endif /* DISABLE_NPN */
-
+/* called in a client context, if the client advertised more than one ALPN value and the server returned more than one as well, to select the one to use. */
void libssl_set_alpn_select_callback(SSL_CTX* ctx, int (*cb)(SSL* s, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg), void* arg)
{
#ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
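Review bot: The reworded comment kept above libssl_set_alpn_select_callback still describes it as `called in a client context, if the client advertised more than one ALPN value and the server returned more than one as well`, but that sentence belonged to the NPN selector removed just above it; the header declaration of the same function in this change documents it as `called in a server context, to select an ALPN value advertised by the client if any`, which matches what the OpenSSL ALPN select hook is for. I would make the .cc comment agree with the header: `/* called in a server context, to select an ALPN value advertised by the client, if any */`. The same mismatched comment is placed above alpnServerSelectCallback in the tcpiohandler hunk further down, where the function name itself says server. The body of libssl_set_alpn_select_callback continues outside this hunk.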
pdns::UniqueFilePtr libssl_set_key_log_file(std::unique_ptr<SSL_CTX, decltype(&SSL_CTX_free)>& ctx, const std::string& logFile);
-/* called in a client context, if the client advertised more than one ALPN values and the server returned more than one as well, to select the one to use. */
-#ifndef DISABLE_NPN
-void libssl_set_npn_select_callback(SSL_CTX* ctx, int (*cb)(SSL* s, unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg), void* arg);
-#endif /* DISABLE_NPN */
-
/* called in a server context, to select an ALPN value advertised by the client if any */
void libssl_set_alpn_select_callback(SSL_CTX* ctx, int (*cb)(SSL* s, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg), void* arg);
/* set the supported ALPN protos in client context */
const unsigned char* alpn = nullptr;
unsigned int alpnLen = 0;
-#ifndef DISABLE_NPN
-#ifdef HAVE_SSL_GET0_NEXT_PROTO_NEGOTIATED
- SSL_get0_next_proto_negotiated(d_conn.get(), &alpn, &alpnLen);
-#endif /* HAVE_SSL_GET0_NEXT_PROTO_NEGOTIATED */
-#endif /* DISABLE_NPN */
#ifdef HAVE_SSL_GET0_ALPN_SELECTED
if (alpn == nullptr) {
SSL_get0_alpn_selected(d_conn.get(), &alpn, &alpnLen);
return libssl_set_alpn_protos(openSSLContext, protos);
}
-#ifndef DISABLE_NPN
- bool setNextProtocolSelectCallback(bool(*cb)(unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen)) override
- {
- d_nextProtocolSelectCallback = cb;
- libssl_set_npn_select_callback(getOpenSSLContext(), npnSelectCallback, this);
- return true;
- }
-#endif /* DISABLE_NPN */
-
private:
- /* called in a client context, if the client advertised more than one ALPN values and the server returned more than one as well, to select the one to use. */
-#ifndef DISABLE_NPN
- static int npnSelectCallback(SSL* /* s */, unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg)
- {
- if (!arg) {
- return SSL_TLSEXT_ERR_ALERT_WARNING;
- }
- OpenSSLTLSIOCtx* obj = reinterpret_cast<OpenSSLTLSIOCtx*>(arg);
- if (obj->d_nextProtocolSelectCallback) {
- return (*obj->d_nextProtocolSelectCallback)(out, outlen, in, inlen) ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_ALERT_WARNING;
- }
-
- return SSL_TLSEXT_ERR_OK;
- }
-#endif /* NPN */
-
+ /* called in a client context, if the client advertised more than one ALPN value and the server returned more than one as well, to select the one to use. */
static int alpnServerSelectCallback(SSL*, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg)
{
if (!arg) {
return false;
}
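Review bot: alpnServerSelectCallback returns `false` when `arg` is null, and because the callback's return type is int that is 0, which is the value of SSL_TLSEXT_ERR_OK — a missing context object is thereby reported to OpenSSL as a successful selection with `*out` never set. The NPN callback deleted in this hunk handled the same case with `return SSL_TLSEXT_ERR_ALERT_WARNING;`, and that is the sensible return here as well: `return SSL_TLSEXT_ERR_ALERT_WARNING;`. This line is pre-existing context rather than new code, but with the NPN path gone this is the only protocol selector left, so it seems worth fixing in passing. The rest of alpnServerSelectCallback and the enclosing class lie outside the hunk.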
- /* called in a client context, if the client advertised more than one ALPN values and the server returned more than one as well, to select the one to use. */
- virtual bool setNextProtocolSelectCallback(bool(*)(unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen))
- {
- return false;
- }
-
using tickets_key_added_hook = std::function<void(const std::string& key)>;
static void setTicketsKeyAddedHook(const tickets_key_added_hook& hook)