* (dnsforward): moved setting upstream.RootCAs

This commit is contained in:
Andrey Meshkov 2020-09-08 17:28:01 +03:00
parent 314867734a
commit 7d7609cf7a
1 changed files with 14 additions and 5 deletions

View File

@ -9,12 +9,11 @@ import (
"net/http" "net/http"
"sort" "sort"
"github.com/AdguardTeam/golibs/log"
"github.com/joomcode/errorx"
"github.com/AdguardTeam/AdGuardHome/dnsfilter" "github.com/AdguardTeam/AdGuardHome/dnsfilter"
"github.com/AdguardTeam/dnsproxy/proxy" "github.com/AdguardTeam/dnsproxy/proxy"
"github.com/AdguardTeam/dnsproxy/upstream" "github.com/AdguardTeam/dnsproxy/upstream"
"github.com/AdguardTeam/golibs/log"
"github.com/joomcode/errorx"
) )
// FilteringConfig represents the DNS filtering configuration of AdGuard Home // FilteringConfig represents the DNS filtering configuration of AdGuard Home
@ -216,6 +215,18 @@ func (s *Server) initDefaultSettings() {
// prepareUpstreamSettings - prepares upstream DNS server settings // prepareUpstreamSettings - prepares upstream DNS server settings
func (s *Server) prepareUpstreamSettings() error { func (s *Server) prepareUpstreamSettings() error {
// We're setting a customized set of RootCAs
// The reason is that Go default mechanism of loading TLS roots
// does not always work properly on some routers so we're
// loading roots manually and pass it here.
// See "util.LoadSystemRootCAs"
upstream.RootCAs = s.conf.TLSv12Roots
// See util.InitTLSCiphers -- removed unsafe ciphers
if len(s.conf.TLSCiphers) > 0 {
upstream.CipherSuites = s.conf.TLSCiphers
}
upstreamConfig, err := proxy.ParseUpstreamsConfig(s.conf.UpstreamDNS, s.conf.BootstrapDNS, DefaultTimeout) upstreamConfig, err := proxy.ParseUpstreamsConfig(s.conf.UpstreamDNS, s.conf.BootstrapDNS, DefaultTimeout)
if err != nil { if err != nil {
return fmt.Errorf("DNS: proxy.ParseUpstreamsConfig: %s", err) return fmt.Errorf("DNS: proxy.ParseUpstreamsConfig: %s", err)
@ -279,8 +290,6 @@ func (s *Server) prepareTLS(proxyConfig *proxy.Config) error {
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
} }
upstream.RootCAs = s.conf.TLSv12Roots
upstream.CipherSuites = s.conf.TLSCiphers
return nil return nil
} }