Remove doh_client_x509_auth stuf from fetchServerInfo
It doesn't belong there, and that feature doesn't do what it's documented to do. It sets client certificates globally instead of doing it per server.
parent
402860e2a6
commit
0d81fa2796
|
@ -618,17 +618,17 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
|
|||
if config.DoHClientX509AuthLegacy.Creds != nil {
|
||||
return errors.New("[tls_client_auth] has been renamed to [doh_client_x509_auth] - Update your config file")
|
||||
}
|
||||
configClientCreds := config.DoHClientX509Auth.Creds
|
||||
creds := make(map[string]DOHClientCreds)
|
||||
for _, configClientCred := range configClientCreds {
|
||||
credFiles := DOHClientCreds{
|
||||
dohClientCreds := config.DoHClientX509Auth.Creds
|
||||
if len(dohClientCreds) > 0 {
|
||||
dlog.Noticef("Enabling TLS authentication")
|
||||
configClientCred := dohClientCreds[0]
|
||||
proxy.xTransport.tlsClientCreds = DOHClientCreds{
|
||||
clientCert: configClientCred.ClientCert,
|
||||
clientKey: configClientCred.ClientKey,
|
||||
rootCA: configClientCred.RootCA,
|
||||
}
|
||||
creds[configClientCred.ServerName] = credFiles
|
||||
proxy.xTransport.rebuildTransport()
|
||||
}
|
||||
proxy.dohCreds = &creds
|
||||
|
||||
// Backwards compatibility
|
||||
config.BrokenImplementations.FragmentsBlocked = append(config.BrokenImplementations.FragmentsBlocked, config.BrokenImplementations.BrokenQueryPadding...)
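Review bot: In the new `if len(dohClientCreds) > 0` branch only `dohClientCreds[0]` is read and its `ServerName` is no longer consulted, so a config with several `[doh_client_x509_auth]` entries, or one scoped to a single server, loads without any diagnostic while that one certificate is installed on the shared `xTransport`. This is an identity-disclosure concern for the operator: presumably the client certificate is then offered to every DoH server that requests one, not only the server named in the config. I would surface that at load time, e.g. `if len(dohClientCreds) > 1 || (configClientCred.ServerName != "" && configClientCred.ServerName != "*") { dlog.Warn("doh_client_x509_auth: only the first entry is used and it applies to all servers") }`. Which lines are added or removed is inferred from the hunk counts because the page lost its +/- markers, and ConfigLoad's body starts and ends outside this hunk.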
|
||||
|
|
|
@ -37,7 +37,6 @@ type Proxy struct {
|
|||
listenAddresses []string
|
||||
localDoHListenAddresses []string
|
||||
xTransport *XTransport
|
||||
dohCreds *map[string]DOHClientCreds
|
||||
allWeeklyRanges *map[string]WeeklyRanges
|
||||
routes *map[string][]string
|
||||
captivePortalMap *CaptivePortalMap
|
||||
|
|
|
@ -594,15 +594,7 @@ func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isN
|
|||
Path: stamp.Path,
|
||||
}
|
||||
body := dohTestPacket(0xcafe)
|
||||
dohClientCreds, ok := (*proxy.dohCreds)[name]
|
||||
if !ok {
|
||||
dohClientCreds, ok = (*proxy.dohCreds)["*"]
|
||||
}
|
||||
if ok {
|
||||
dlog.Noticef("Enabling TLS authentication for [%s]", name)
|
||||
proxy.xTransport.tlsClientCreds = dohClientCreds
|
||||
proxy.xTransport.rebuildTransport()
|
||||
}
|
||||
|
||||
useGet := false
|
||||
if _, _, _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil {
|
||||
useGet = true
|
||||
|
|