Update Stubby to always send the dot ALPN when using DoT

getdnsapi · Jun 7, 2022 · a5a1256 · a5a1256
1 parent c2e085e
commit a5a1256
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+* 2022-06-: Version 1.7.1
+  * Always send the `dot` ALPN when using DoT
+
 * 2021-06-04: Version 1.7.0
   * Make TLS Handshake timeout max 4/5th of timeout for the query,
     just like connection setup timeout was, so fallback transport

diff --git a/src/openssl/tls.c b/src/openssl/tls.c
@@ -320,6 +320,10 @@ void _getdns_tls_init()
 #endif
 }
 
+#define DOT_PROTO_ALPN_ID     "dot"
+#define DOT_PROTO_ALPN	   "\x3" DOT_PROTO_ALPN_ID
+#define DOT_PROTO_ALPN_LEN (sizeof(DOT_PROTO_ALPN) - 1)
+
 _getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs, const getdns_log_config* log)
 {
 	_getdns_tls_context* res;
@@ -348,6 +352,8 @@ _getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs, const getdns
 		GETDNS_FREE(*mfs, res);
 		return NULL;
 	}
+	SSL_CTX_set_alpn_protos(res->ssl, (const uint8_t *)DOT_PROTO_ALPN,
+				DOT_PROTO_ALPN_LEN);
 	return res;
 }