diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index 64b245eb..eebd35d1 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -34,6 +34,8 @@ type Config struct {
 	DisabledServerNames []string `toml:"disabled_server_names"`
 	ListenAddresses []string `toml:"listen_addresses"`
 	LocalDoHListenAddresses []string `toml:"local_doh_listen_addresses"`
+	LocalDoHCertFile string `toml:"local_doh_cert_file"`
+	LocalDoHCertKeyFile string `toml:"local_doh_cert_key_file"`
 	Daemonize bool
 	UserName string `toml:"user_name"`
 	ForceTCP bool `toml:"force_tcp"`
@@ -96,6 +98,8 @@ func newConfig() Config {
 		LogLevel: int(dlog.LogLevel()),
 		ListenAddresses: []string{"127.0.0.1:53"},
 		LocalDoHListenAddresses: []string{"127.0.0.1:443"},
+		LocalDoHCertFile: "localhost.pem",
+		LocalDoHCertKeyFile: "localhost.pem",
 		Timeout: 5000,
 		KeepAlive: 5,
 		CertRefreshDelay: 240,
@@ -352,6 +356,8 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
 	proxy.listenAddresses = config.ListenAddresses
 	proxy.localDoHListenAddresses = config.LocalDoHListenAddresses
+	proxy.localDoHCertFile = config.LocalDoHCertFile
+	proxy.localDoHCertKeyFile = config.LocalDoHCertKeyFile
 	proxy.daemonize = config.Daemonize
 	proxy.pluginBlockIPv6 = config.BlockIPv6
 	proxy.cache = config.Cache
diff --git a/dnscrypt-proxy/local-doh.go b/dnscrypt-proxy/local-doh.go
index b30832ab..99eee407 100644
--- a/dnscrypt-proxy/local-doh.go
+++ b/dnscrypt-proxy/local-doh.go
@@ -15,8 +15,10 @@ type localDoHHandler struct {
 func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	dataType := "application/dns-message"
+	writer.Header().Set("Server", "dnscrypt-proxy")
 	if request.Header.Get("Content-Type") != dataType {
 		writer.WriteHeader(400)
+		writer.Write([]byte("Unexpected Content-Type\n"))
 		return
 	}
 	proxy := handler.proxy
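Review bot: The defaults `LocalDoHCertFile: "localhost.pem"` and `LocalDoHCertKeyFile: "localhost.pem"` point both settings at the same file, so the default only works with a combined PEM that holds the certificate and the private key, and the relative path resolves against the process working directory rather than the config file's directory unless a path-resolution step outside this hunk handles it. A file that carries the private key next to a certificate users tend to copy around is easy to leave world-readable, so a comment such as `// one PEM may hold both cert and key; keep it mode 0600` beside the defaults, or distinct defaults like `localhost.pem`/`localhost.key`, would make the expectation explicit. Note also that `LocalDoHListenAddresses` defaults to the non-empty `127.0.0.1:443`; if the DoH listener is started whenever that slice is non-empty, a fresh install without a `localhost.pem` will fail at ServeTLS, so an empty default for the listen list (TLS only when explicitly configured) looks safer.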
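Review bot: The cert and key paths are copied into the proxy here without being checked, so a typo or a missing file is only discovered later as a fatal error in the listener goroutine instead of as a config-load error; ConfigLoad already returns an error, so it is the natural place. After the two new assignments, something like `if len(config.LocalDoHListenAddresses) > 0 { if _, err := os.Stat(config.LocalDoHCertFile); err != nil { return err } }` (and the same for `LocalDoHCertKeyFile`) reports the bad path up front; `os` would need to be imported in config.go if it is not already. ConfigLoad's body begins and ends outside this hunk.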
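Review bot: The Content-Type check, and the new `Unexpected Content-Type` body, run before any check of the request method, so a request using the wrong method is reported as a media-type problem; in particular an RFC 8484 client sending GET with a `?dns=` parameter carries no Content-Type and gets this misleading 400. If only POST is meant to be served, a guard ahead of the Content-Type test, `if request.Method != http.MethodPost { writer.WriteHeader(405); return }`, makes that contract explicit. The added `Server: dnscrypt-proxy` header also advertises the software to anything that can reach the listener; if that is intended, a one-line comment saying so would stop it being "fixed" later.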
@@ -32,14 +34,14 @@ func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *ht
 		dlog.Warnf("No body in a local DoH query")
 		return
 	}
-	response := proxy.processIncomingQuery(proxy.serversInfo.getOne(), "tcp", "tcp", packet, &xClientAddr, nil, start)
+	response := proxy.processIncomingQuery(proxy.serversInfo.getOne(), "http", proxy.mainProto, packet, &xClientAddr, nil, start)
 	if len(response) == 0 {
 		writer.WriteHeader(500)
 		return
 	}
+	writer.Header().Set("Content-Type", "application/dns-message")
+	writer.Header().Set("Content-Length", string(len(response)))
 	writer.WriteHeader(200)
-	writer.Header().Add("Server", "dnscrypt-proxy")
-	writer.Header().Add("Content-Type", "application/dns-message")
 	writer.Write(response)
 }
@@ -50,7 +52,7 @@ func (proxy *Proxy) localDoHListener(acceptPc *net.TCPListener) {
 		WriteTimeout: proxy.timeout,
 		Handler: localDoHHandler{proxy: proxy},
 	}
-	if err := httpServer.Serve(acceptPc); err != nil {
+	if err := httpServer.ServeTLS(acceptPc, proxy.localDoHCertFile, proxy.localDoHCertKeyFile); err != nil {
 		dlog.Fatal(err)
 	}
 }
diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go
index 2b3d2ed4..8168e656 100644
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@@ -32,6 +32,8 @@ type Proxy struct {
 	mainProto string
 	listenAddresses []string
 	localDoHListenAddresses []string
+	localDoHCertFile string
+	localDoHCertKeyFile string
 	daemonize bool
 	registeredServers []RegisteredServer
 	registeredRelays []RegisteredServer
@@ -558,9 +560,12 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
 			}
 			return
 		}
-		clientPc.Write(response)
+		if clientPc != nil {
+			clientPc.Write(response)
+		}
 	}
 	pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
+	return response
 }
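Review bot: `string(len(response))` on the new `Content-Length` line does not format the number — it converts the int to the rune with that code point (a 42-byte reply yields `"*"`), so net/http sees a non-numeric Content-Length, logs it and drops the header on every response; `go vet` flags exactly this conversion. Use `writer.Header().Set("Content-Length", strconv.Itoa(len(response)))` (adding `strconv` to the imports if it is not already there), or drop the line and let net/http set the length itself. Moving the header writes ahead of `writer.WriteHeader(200)` is correct, since headers set after that call are silently ignored. ServeHTTP starts outside this hunk.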
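Review bot: `ServeTLS` is invoked on an `http.Server` that sets no `TLSConfig`, so the Go defaults apply and, depending on the Go version in use, TLS 1.0/1.1 clients are still accepted; now that this listener holds a private key it should pin a floor, e.g. `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12},` in the server literal that begins above this hunk (with `crypto/tls` imported). A cert/key pair that fails to load also lands in `dlog.Fatal(err)` and takes down the whole proxy, including the plain DNS listeners; if that is not the intended failure mode, logging and returning from this listener would keep DNS service up. The httpServer literal begins outside this hunk.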
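Review bot: The new `clientPc != nil` guard and `return response` introduce a convention — a nil conn means "do not write, hand the response back to the caller" — that nothing in the hunk documents, and the bare `return` on the context line above implies the result is a named `response` (the signature is outside this hunk), so every early-exit path now also returns whatever `response` holds at that point. A doc comment on processIncomingQuery stating that `clientPc` may be nil, in which case the response is only returned and never written, and that callers must treat an empty result as a failure, would pin that down. The error from `clientPc.Write(response)` is still discarded; a short comment noting that write failures are intentionally ignored would make that explicit for the next reader.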