From: Remi Gacogne
Date: Tue, 12 Dec 2023 14:21:54 +0000 (+0100)
Subject: tcpiohandler: Added a comment explaining the HTTP/1.1 addition to ALPN
X-Git-Tag: dnsdist-1.9.0-alpha4~5^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb05334bdb1256149f4cc38c9ff3838cf2d1f9ad;p=thirdparty%2Fpdns.git

tcpiohandler: Added a comment explaining the HTTP/1.1 addition to ALPN
---
diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 8435913e85..bb038e64c5 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -1815,7 +1815,12 @@ bool setupDoHProtocolNegotiation(std::shared_ptr& ctx)
 if (ctx == nullptr) {
 return false;
 }
- /* we want to set the ALPN to doh */
+ /* This code is only called for incoming/server TLS contexts (not outgoing/client),
+ and h2o sets it own ALPN values.
+ We want to set the ALPN for DoH:
+ - HTTP/1.1 so that the OpenSSL callback ALPN accepts it, letting us later return a static response
+ - HTTP/2
+ */
 const std::vector> dohAlpns{{'h', '2'},{'h', 't', 't', 'p', '/', '1', '.', '1'}};
 ctx->setALPNProtos(dohAlpns);
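Review bot: The new comment in setupDoHProtocolNegotiation lists HTTP/1.1 before HTTP/2, while `dohAlpns` on the next line offers `h2` first and `http/1.1` second; if the server-side ALPN selection honours list order (not visible in this hunk), the comment should list them in that order and say which is preferred, e.g. `- HTTP/2 (preferred)` then `- HTTP/1.1, only so that the handshake succeeds and we can later return a static response`. Two wording fixes in the same comment: `h2o sets it own ALPN values` should read `sets its own`, and `the OpenSSL callback ALPN` is clearer as `the OpenSSL ALPN callback`. Since advertising `http/1.1` on a DoH listener is surprising to anyone auditing the accepted protocols, the comment would also benefit from naming where the static HTTP/1.1 response is produced. The function body continues past the end of the hunk.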