From: Remi Gacogne Date: Thu, 10 Apr 2025 10:13:10 +0000 (+0200) Subject: Merge pull request #15387 from rgacogne/ddist-share-stek-context-identical-frontends X-Git-Tag: dnsdist-2.0.0-alpha2~88 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b466a1764f4fddb8cceb18c860e1179954bcfb67;p=thirdparty%2Fpdns.git Merge pull request #15387 from rgacogne/ddist-share-stek-context-identical-frontends dnsdist: Share tickets key between identical frontends created via YAML --- b466a1764f4fddb8cceb18c860e1179954bcfb67 diff --cc pdns/dnsdistdist/dnsdist-configuration-yaml.cc index 84be6b09c2,9747a5de9b..55ddc0eb57 --- a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc +++ b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc @@@ -284,11 -285,11 +285,12 @@@ static bool handleTLSConfiguration(cons state.doh3Frontend = std::move(frontend); } #endif /* HAVE_DNS_OVER_HTTP3 */ +#if defined(HAVE_DNS_OVER_HTTPS) else if (protocol == "doh") { auto frontend = std::make_shared(); - frontend->d_tlsContext.d_provider = std::string(bind.tls.provider); - boost::algorithm::to_lower(frontend->d_tlsContext.d_provider); + auto& tlsContext = frontend->d_tlsContext; + tlsContext->d_provider = std::string(bind.tls.provider); + boost::algorithm::to_lower(tlsContext->d_provider); frontend->d_library = std::string(bind.doh.provider); if (frontend->d_library == "h2o") { #ifdef HAVE_LIBH2OEVLOOP @@@ -348,15 -349,15 +350,16 @@@ infolog("DNS over HTTPS configured"); } else { - frontend->d_tlsContext.d_addr = ComboAddress(std::string(bind.listen_address), 80); - infolog("No certificate provided for DoH endpoint %s, running in DNS over HTTP mode instead of DNS over HTTPS", frontend->d_tlsContext.d_addr.toStringWithPort()); + tlsContext->d_addr = ComboAddress(std::string(bind.listen_address), 80); + infolog("No certificate provided for DoH endpoint %s, running in DNS over HTTP mode instead of DNS over HTTPS", tlsContext->d_addr.toStringWithPort()); } - 
frontend->d_tlsContext.d_proxyProtocolOutsideTLS = bind.tls.proxy_protocol_outside_tls; - frontend->d_tlsContext.d_tlsConfig = std::move(tlsConfig); + tlsContext->d_proxyProtocolOutsideTLS = bind.tls.proxy_protocol_outside_tls; + tlsContext->d_tlsConfig = std::move(tlsConfig); + tlsContext->setParent(parent); state.dohFrontend = std::move(frontend); } +#endif /* defined(HAVE_DNS_OVER_HTTPS) */ else if (protocol != "do53") { errlog("Bind %s is configured to use an unknown protocol ('%s')", bind.listen_address, protocol); return false;
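Review bot: With the `#if defined(HAVE_DNS_OVER_HTTPS)` guard added above the `protocol == "doh"` branch in the first hunk, a build without DoH support appears to send a `doh` bind to the final `else if (protocol != "do53")` branch, which rejects it as "an unknown protocol". Refusing the bind is the safe outcome, but the message points the operator at a typo rather than at a missing build option. An `#else` arm that matches `protocol == "doh"`, logs that DNS over HTTPS support is not compiled in and returns false would make the failure self-explanatory. The guarded branch closes in the second hunk and the start of the `if` chain is outside both hunks, so an earlier check may already cover this.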
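Review bot: The `else` branch in the second hunk, taken when no certificate is provided, switches the DoH endpoint to cleartext HTTP on port 80 and reports it only through `infolog`. A bind that lost its certificate entries by mistake would therefore start serving unencrypted DNS with a message that is easy to overlook. Logging that line at warning level would make the downgrade stand out: `warnlog("No certificate provided for DoH endpoint %s, running in DNS over HTTP mode instead of DNS over HTTPS", tlsContext->d_addr.toStringWithPort());`. A short comment stating that the cleartext mode is intentional (presumably for deployments behind a TLS-terminating proxy) would also help the next reader. The `if` that this `else` pairs with lies outside the hunk.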