Pull request 1942: AG-24087-opts-root-cas
Squashed commit of the following:
commit 60db425504fce9743d46cfc0d155364fa5a1e77e
Merge: c589343e7 79306cb48
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Fri Jul 28 19:43:01 2023 +0300
Merge branch 'master' into AG-24087-opts-root-cas
commit c589343e7b1db6f66c3890fd2caff755fcf92d08
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Thu Jul 27 14:59:23 2023 +0300
all: upd dnsproxy
This commit is contained in:
parent
79306cb48a
commit
5d900bdaa4
2
go.mod
2
go.mod
|
@ -3,7 +3,7 @@ module github.com/AdguardTeam/AdGuardHome
|
||||||
go 1.19
|
go 1.19
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/AdguardTeam/dnsproxy v0.52.0
|
github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef
|
||||||
github.com/AdguardTeam/golibs v0.13.6
|
github.com/AdguardTeam/golibs v0.13.6
|
||||||
github.com/AdguardTeam/urlfilter v0.16.1
|
github.com/AdguardTeam/urlfilter v0.16.1
|
||||||
github.com/NYTimes/gziphandler v1.1.1
|
github.com/NYTimes/gziphandler v1.1.1
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -1,5 +1,5 @@
|
||||||
github.com/AdguardTeam/dnsproxy v0.52.0 h1:uZxCXflHSAwtJ7uTYXP6qgWcxaBsH0pJvldpwTqIDJk=
|
github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef h1:3ZJieG+PV+wJEXLgUndW4yL9/7iubyipbDmA0w3sa7Y=
|
||||||
github.com/AdguardTeam/dnsproxy v0.52.0/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM=
|
github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM=
|
||||||
github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
|
github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
|
||||||
github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
|
github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
|
||||||
github.com/AdguardTeam/golibs v0.13.6 h1:z/0Q25pRLdaQxtoxvfSaooz5mdv8wj0R8KREj54q8yQ=
|
github.com/AdguardTeam/golibs v0.13.6 h1:z/0Q25pRLdaQxtoxvfSaooz5mdv8wj0R8KREj54q8yQ=
|
||||||
|
|
|
@ -42,16 +42,6 @@ func (s *Server) loadUpstreams() (upstreams []string, err error) {
|
||||||
|
|
||||||
// prepareUpstreamSettings sets upstream DNS server settings.
|
// prepareUpstreamSettings sets upstream DNS server settings.
|
||||||
func (s *Server) prepareUpstreamSettings() (err error) {
|
func (s *Server) prepareUpstreamSettings() (err error) {
|
||||||
// Use a customized set of RootCAs, because Go's default mechanism of
|
|
||||||
// loading TLS roots does not always work properly on some routers so we're
|
|
||||||
// loading roots manually and pass it here.
|
|
||||||
//
|
|
||||||
// See [aghtls.SystemRootCAs].
|
|
||||||
//
|
|
||||||
// TODO(a.garipov): Investigate if that's true.
|
|
||||||
upstream.RootCAs = s.conf.TLSv12Roots
|
|
||||||
upstream.CipherSuites = s.conf.TLSCiphers
|
|
||||||
|
|
||||||
// Load upstreams either from the file, or from the settings
|
// Load upstreams either from the file, or from the settings
|
||||||
var upstreams []string
|
var upstreams []string
|
||||||
upstreams, err = s.loadUpstreams()
|
upstreams, err = s.loadUpstreams()
|
||||||
|
@ -64,6 +54,15 @@ func (s *Server) prepareUpstreamSettings() (err error) {
|
||||||
Timeout: s.conf.UpstreamTimeout,
|
Timeout: s.conf.UpstreamTimeout,
|
||||||
HTTPVersions: UpstreamHTTPVersions(s.conf.UseHTTP3Upstreams),
|
HTTPVersions: UpstreamHTTPVersions(s.conf.UseHTTP3Upstreams),
|
||||||
PreferIPv6: s.conf.BootstrapPreferIPv6,
|
PreferIPv6: s.conf.BootstrapPreferIPv6,
|
||||||
|
// Use a customized set of RootCAs, because Go's default mechanism of
|
||||||
|
// loading TLS roots does not always work properly on some routers so we're
|
||||||
|
// loading roots manually and pass it here.
|
||||||
|
//
|
||||||
|
// See [aghtls.SystemRootCAs].
|
||||||
|
//
|
||||||
|
// TODO(a.garipov): Investigate if that's true.
|
||||||
|
RootCAs: s.conf.TLSv12Roots,
|
||||||
|
CipherSuites: s.conf.TLSCiphers,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("preparing upstream config: %w", err)
|
return fmt.Errorf("preparing upstream config: %w", err)
|
||||||
|
|
Loading…
Reference in New Issue