From a6089998554b9d904eae4507542cee968eca2b41 Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C5=A0t=C4=9Bp=C3=A1n=20Bal=C3=A1=C5=BEik?=
 <stepan.balazik@nic.cz>
Date: Sat, 29 Aug 2020 18:32:01 +0200
Subject: [PATCH] selection: fix TLS forwarding

---
 lib/selection.c           | 11 ++++++++++-
 modules/policy/policy.lua |  4 +---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/selection.c b/lib/selection.c
index 7d9b0d12f..20eddcd19 100644
--- a/lib/selection.c
+++ b/lib/selection.c
@@ -218,9 +218,18 @@ struct kr_transport *choose_transport(struct choice choices[],
         timeout *= 1 << timeouts;
     }
 
+    enum kr_transport_protocol protocol;
+    if (choices[choice].address_state->tls_capable) {
+        protocol = KR_TRANSPORT_TLS;
+    } else if (tcp) {
+        protocol = KR_TRANSPORT_TCP;
+    } else {
+        protocol = KR_TRANSPORT_UDP;
+    }
+
     *transport = (struct kr_transport) {
         .name = choices[choice].address_state->name,
-        .protocol = tcp ? KR_TRANSPORT_TCP : KR_TRANSPORT_UDP,
+        .protocol = protocol,
         .timeout = timeout,
     };
 
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index 2179bba54..97aec93d7 100644
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -139,8 +139,6 @@ end
 function policy.TLS_FORWARD(targets)
 	if type(targets) ~= 'table' or #targets < 1 then
 		error('TLS_FORWARD argument must be a non-empty table')
-	elseif #targets > 4 then
-		error('TLS_FORWARD supports at most four targets (in a single call)')
 	end
 
 	local sockaddr_c_set = {}
@@ -176,7 +174,7 @@ function policy.TLS_FORWARD(targets)
 		qry.flags.AWAIT_CUT = true
 		req.options.TCP = true
 		qry.flags.TCP = true
-		set_nslist(qry, nslist)
+		set_nslist(req, nslist)
 		return state
 	end
 end
-- 
2.47.2