Unofficially support DoH/ODoH over HTTP

2023-09-05 22:37:11 +02:00 · 2023-09-05 22:37:11 +02:00 · 8bea679e7b
parent 87571d4a7f
commit 8bea679e7b
1 changed files with 34 additions and 25 deletions
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@ -854,10 +854,17 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
 		if msg.Rcode != dns.RcodeNameError {
 			dlog.Criticalf("[%s] may be a lying resolver", name)
 		}
-
-		protocol := tls.NegotiatedProtocol
+		protocol := "http"
+		tlsVersion := uint16(0)
+		tlsCipherSuite := uint16(0)
+		if tls != nil {
+			protocol = tls.NegotiatedProtocol
 			if len(protocol) == 0 {
 				protocol = "http/1.x"
+			} else {
+				tlsVersion = tls.Version
+				tlsCipherSuite = tls.CipherSuite
+			}
 		}
 		if strings.HasPrefix(protocol, "http/1.") {
 			dlog.Warnf("[%s] does not support HTTP/2", name)
@ -865,13 +872,14 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
 		dlog.Infof(
 			"[%s] TLS version: %x - Protocol: %v - Cipher suite: %v",
 			name,
-			tls.Version,
+			tlsVersion,
 			protocol,
-			tls.CipherSuite,
+			tlsCipherSuite,
 		)
 		showCerts := proxy.showCerts
 		found := false
 		var wantedHash [32]byte
+		if tls != nil {
 			for _, cert := range tls.PeerCertificates {
 				h := sha256.Sum256(cert.RawTBSCertificate)
 				if showCerts {
@ -896,6 +904,7 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
 				dlog.Criticalf("[%s] Certificate hash [%x] not found", name, wantedHash)
 				return ServerInfo{}, fmt.Errorf("Certificate hash not found")
 			}
+		}
 		if len(serverResponse) < MinDNSPacketSize || len(serverResponse) > MaxDNSPacketSize ||
 			serverResponse[0] != 0xca || serverResponse[1] != 0xfe || serverResponse[4] != 0x00 || serverResponse[5] != 0x01 {
 			dlog.Info("Webserver returned an unexpected response")