Fix flawed logic when detecting same listener type

The older version of the code was reporting that listeners are going
to be of the same type after reconfiguration when switching from DoT
to HTTPS listener, making BIND abort its executions.

That was happening due to the flaw in logic due to which the code
could consider a current listener and a configuration for the new one
to be of the same type (DoT) even when the new listener entry is
explicitly marked as HTTP.

The checks for PROXY in between the configuration were masking that
behaviour, but when porting it to 9.18 (when there is no PROXY
support), the behaviour was exposed.

Now the code mirrors the logic in 'interface_setup()' closely (as it
was meant to).

diff --git a/bin/tests/system/transport-change/tests.sh b/bin/tests/system/transport-change/tests.sh
index 646f5af29091938fdba4be37df6be3f5075bf5ad..56a016766d930e3feaf1d5305d47aca3d00de32a 100644 (file)
--- a/bin/tests/system/transport-change/tests.sh
+++ b/bin/tests/system/transport-change/tests.sh
@@ -96,5 +96,11 @@ run_dig_multitest_expect_success "$testing: a query over plain HTTP/DoH" +http-p
 reconfig_server "reconfiguring the server to use plain HTTP/DoH over PROXYv2" named-http-plain-proxy.conf.in
 run_dig_multitest_expect_success "$testing: a query over plain HTTP/DoH over PROXYv2" +http-plain +proxy
 
+reconfig_server "reconfiguring the server back to use TLS/DoT" named-tls.conf.in
+run_dig_multitest_expect_success "$testing: a query over TLS/DoT" +tls
+
+reconfig_server "reconfiguring the server back to use HTTPS/DoH" named-https.conf.in
+run_dig_multitest_expect_success "$testing: a query over HTTPS/DoH" +https
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c
index d3b6f47e8a6bec8af0fbf3e97825c4d025304a7c..965399f63aede32a5e4558afa618817dbd18bd13 100644 (file)
--- a/lib/ns/interfacemgr.c
+++ b/lib/ns/interfacemgr.c
@@ -1023,16 +1023,13 @@ static bool
 same_listener_type(ns_interface_t *ifp, ns_listenelt_t *new_le) {
        bool same_transport_type = false;
 
-       if (new_le->is_http && new_le->sslctx != NULL &&
-           ifp->http_secure_listensocket != NULL)
-       {
-               /* HTTPS/DoH */
-               same_transport_type = true;
-       } else if (new_le->is_http && new_le->sslctx == NULL &&
-                  ifp->http_listensocket != NULL)
-       {
-               /* HTTP/plain DoH */
-               same_transport_type = true;
+       /* See 'interface_setup()' above */
+       if (new_le->is_http) {
+               /* HTTP/DoH */
+               same_transport_type = (new_le->sslctx != NULL &&
+                                      ifp->http_secure_listensocket != NULL) ||
+                                     (new_le->sslctx == NULL &&
+                                      ifp->http_listensocket != NULL);
        } else if (new_le->sslctx != NULL && ifp->tlslistensocket != NULL) {
                /* TLS/DoT */
                same_transport_type = true;