From: Tomas Krizek
Date: Wed, 12 Aug 2020 11:11:31 +0000 (+0200)
Subject: daemon/io: set proper ALPN for dot and doh
X-Git-Tag: v5.2.0~15^2~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2934fca6beedf2ba49680a573e7ea01a528a353;p=thirdparty%2Fknot-resolver.git

daemon/io: set proper ALPN for dot and doh
---

diff --git a/daemon/io.c b/daemon/io.c
index c7aa8d534..8ffaa303e 100644
--- a/daemon/io.c
+++ b/daemon/io.c
@@ -457,6 +457,22 @@ static void _tcp_accept(uv_stream_t *master, int status, bool tls, bool http)
 }
 ctx->c.session = s;
 ctx->c.handshake_state = TLS_HS_IN_PROGRESS;
+
+ /* Configure ALPN. */
+ gnutls_datum_t proto;
+ if (!http) {
+ proto.data = (unsigned char *)"dot";
+ proto.size = 3;
+ } else {
+ proto.data = (unsigned char *)"h2";
+ proto.size = 2;
+ }
+ ret = gnutls_alpn_set_protocols(ctx->c.tls_session, &proto, 1, GNUTLS_ALPN_MANDATORY);
+ if (ret != GNUTLS_E_SUCCESS) {
+ session_close(s);
+ return;
+ }
+
 session_tls_set_server_ctx(s, ctx);
 }
 }
@@ -470,20 +486,6 @@ static void _tcp_accept(uv_stream_t *master, int status, bool tls, bool http)
 session_close(s);
 return;
 }
-
- struct tls_ctx_t *tls_ctx = session_tls_get_server_ctx(s);
- if (tls_ctx) {
- const gnutls_datum_t protos[] = {
- {(unsigned char *)"h2", 2}
- };
- ret = gnutls_alpn_set_protocols(tls_ctx->c.tls_session,
- protos, sizeof(protos)/sizeof(*protos),
- 0);
- if (ret != GNUTLS_E_SUCCESS) {
- session_close(s);
- return;
- }
- }
 session_http_set_server_ctx(s, ctx);
 }
 }
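Review bot: On the new error path after `gnutls_alpn_set_protocols()` in the first hunk, `session_close(s)` runs before `session_tls_set_server_ctx(s, ctx)` has attached `ctx` to the session, so if `ctx` was freshly allocated just above the hunk (the allocation is not visible here) it is probably leaked on each failed accept. Attaching first would let session teardown own it: move `session_tls_set_server_ctx(s, ctx);` above the `/* Configure ALPN. */` block, provided teardown frees an attached context. The comment could also record what the flag enforces, e.g. `/* ALPN: "dot" for DoT, "h2" for DoH; GNUTLS_ALPN_MANDATORY aborts the handshake when the client offers ALPN but none matches. */`, so a reader does not assume that clients sending no ALPN extension are rejected as well. The body of `_tcp_accept` starts and ends outside the hunk.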