From 5d900bdaa4598593347e10b20af964fca365437e Mon Sep 17 00:00:00 2001
From: Stanislav Chzhen
Date: Fri, 28 Jul 2023 19:50:53 +0300
Subject: [PATCH] Pull request 1942: AG-24087-opts-root-cas
Squashed commit of the following:
commit 60db425504fce9743d46cfc0d155364fa5a1e77e
Merge: c589343e7 79306cb48
Author: Stanislav Chzhen
Date: Fri Jul 28 19:43:01 2023 +0300
Merge branch 'master' into AG-24087-opts-root-cas
commit c589343e7b1db6f66c3890fd2caff755fcf92d08
Author: Stanislav Chzhen
Date: Thu Jul 27 14:59:23 2023 +0300
all: upd dnsproxy
---
 go.mod | 2 +-
 go.sum | 4 ++--
 internal/dnsforward/upstreams.go | 19 +++++++++----------
 3 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/go.mod b/go.mod
index 6ea10a97..42bc5aee 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.19

 require (
- github.com/AdguardTeam/dnsproxy v0.52.0
+ github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef
 github.com/AdguardTeam/golibs v0.13.6
 github.com/AdguardTeam/urlfilter v0.16.1
 github.com/NYTimes/gziphandler v1.1.1
diff --git a/go.sum b/go.sum
index af61e7b8..cee4fd30 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/AdguardTeam/dnsproxy v0.52.0 h1:uZxCXflHSAwtJ7uTYXP6qgWcxaBsH0pJvldpwTqIDJk=
-github.com/AdguardTeam/dnsproxy v0.52.0/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM=
+github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef h1:3ZJieG+PV+wJEXLgUndW4yL9/7iubyipbDmA0w3sa7Y=
+github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
 github.com/AdguardTeam/golibs v0.13.6 h1:z/0Q25pRLdaQxtoxvfSaooz5mdv8wj0R8KREj54q8yQ=
diff --git a/internal/dnsforward/upstreams.go b/internal/dnsforward/upstreams.go
index ceec1cb7..6d1eac1f 100644
--- a/internal/dnsforward/upstreams.go
+++ b/internal/dnsforward/upstreams.go
@@ -42,16 +42,6 @@ func (s *Server) loadUpstreams() (upstreams []string, err error) {

 // prepareUpstreamSettings sets upstream DNS server settings.
 func (s *Server) prepareUpstreamSettings() (err error) {
- // Use a customized set of RootCAs, because Go's default mechanism of
- // loading TLS roots does not always work properly on some routers so we're
- // loading roots manually and pass it here.
- //
- // See [aghtls.SystemRootCAs].
- //
- // TODO(a.garipov): Investigate if that's true.
- upstream.RootCAs = s.conf.TLSv12Roots
- upstream.CipherSuites = s.conf.TLSCiphers
-
 // Load upstreams either from the file, or from the settings
 var upstreams []string
 upstreams, err = s.loadUpstreams()
@@ -64,6 +54,15 @@ func (s *Server) prepareUpstreamSettings() (err error) {
 Timeout: s.conf.UpstreamTimeout,
 HTTPVersions: UpstreamHTTPVersions(s.conf.UseHTTP3Upstreams),
 PreferIPv6: s.conf.BootstrapPreferIPv6,
+ // Use a customized set of RootCAs, because Go's default mechanism of
+ // loading TLS roots does not always work properly on some routers so we're
+ // loading roots manually and pass it here.
+ //
+ // See [aghtls.SystemRootCAs].
+ //
+ // TODO(a.garipov): Investigate if that's true.
+ RootCAs: s.conf.TLSv12Roots,
+ CipherSuites: s.conf.TLSCiphers,
 })
 if err != nil {
 return fmt.Errorf("preparing upstream config: %w", err)
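Review bot: `RootCAs` and `CipherSuites` are now set only on this one options literal in `prepareUpstreamSettings` (second hunk), while the first hunk removes the package-level `upstream.RootCAs` / `upstream.CipherSuites` assignments that applied to every upstream created in the process. The diffstat lists this as the only Go file touched, so any other code that builds upstream options (not visible in this patch) would leave both fields at their zero value and presumably fall back to the library's default trust store and cipher list, with nothing to signal the difference from the configured TLS policy. It is worth confirming that every such call site passes `s.conf.TLSv12Roots` and `s.conf.TLSCiphers`, and recording the contract next to the fields, e.g. `// Must be set on every options value; there is no package-level default any more.` The body of `prepareUpstreamSettings` starts and ends outside this hunk.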