From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Thu, 14 Dec 2023 00:58:44 +0000 (-0800)
Subject: DoH: reject non-h2 early
X-Git-Tag: release-1.19.3rc1~48^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F980%2Fhead;p=thirdparty%2Funbound.git

DoH: reject non-h2 early

Previously, non-h2 connections would be accepted, and then error out
with a verbose message "http2: session_recv from ____ failed,
error: Received bad client magic byte string". Instead, we can detect
absence of h2 support at connection time and reject with a clearer
verbose message.
---

diff --git a/util/netevent.c b/util/netevent.c
index 141e48d48..d517ae544 100644
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -1748,6 +1748,9 @@ ssl_handshake(struct comm_point* c)
 			/* connection upgraded to HTTP2 */
 			c->tcp_do_toggle_rw = 0;
 			c->use_h2 = 1;
+		} else {
+			verbose(VERB_ALGO, "client doesn't support HTTP/2");
+			return 0;
 		}
 	}
 #endif