Make isc_nm_tlssocket non-optional

This commit unties generic TLS code (isc_nm_tlssocket) from DoH, so that it will be available regardless of the fact if BIND was built with DNS over HTTP support or not.
2026-05-28 04:34:54 -04:00 · 2022-10-18 15:36:00 +03:00 · 2022-10-18 15:36:00 +03:00 · 4524bf4083
commit 4524bf4083
parent efe4267044
4 changed files with 22 additions and 50 deletions
--- a/lib/isc/Makefile.am
+++ b/lib/isc/Makefile.am
@ -120,6 +120,7 @@ libisc_la_SOURCES =		\
 	netmgr/tcpdns.c		\
 	netmgr/timer.c		\
 	netmgr/tlsdns.c		\
+	netmgr/tlsstream.c	\
 	netmgr/udp.c		\
 	aes.c			\
 	ascii.c			\
@ -256,8 +257,7 @@ endif HAVE_JSON_C

 if HAVE_LIBNGHTTP2
 libisc_la_SOURCES +=		\
-	netmgr/http.c		\
-	netmgr/tlsstream.c
+	netmgr/http.c

 libisc_la_CPPFLAGS +=		\
 	$(LIBNGHTTP2_CFLAGS)
--- a/lib/isc/include/isc/netmgr.h
+++ b/lib/isc/include/isc/netmgr.h
@ -533,10 +533,6 @@ isc_nm_is_http_handle(isc_nmhandle_t *handle);
 * 'isc_nm_httpsocket'.
 */

-#if HAVE_LIBNGHTTP2
-
-#define ISC_NM_HTTP_DEFAULT_PATH "/dns-query"
-
 isc_result_t
 isc_nm_listentls(isc_nm_t *mgr, uint32_t workers, isc_sockaddr_t *iface,
 		 isc_nm_accept_cb_t accept_cb, void *accept_cbarg, int backlog,
@ -549,6 +545,10 @@ isc_nm_tlsconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer,
 		  isc_tlsctx_client_session_cache_t *client_sess_cache,
 		  unsigned int			     timeout);

+#if HAVE_LIBNGHTTP2
+
+#define ISC_NM_HTTP_DEFAULT_PATH "/dns-query"
+
 void
 isc_nm_httpconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer,
 		   const char *uri, bool POST, isc_nm_cb_t cb, void *cbarg,
--- a/lib/isc/netmgr/netmgr-int.h
+++ b/lib/isc/netmgr/netmgr-int.h
@ -753,7 +753,6 @@ typedef enum {
 	STATID_MAX = 11,
 } isc__nm_statid_t;

-#if HAVE_LIBNGHTTP2
 typedef struct isc_nmsocket_tls_send_req {
 	isc_nmsocket_t *tlssock;
 	isc_region_t data;
@ -764,6 +763,8 @@ typedef struct isc_nmsocket_tls_send_req {
 	uint8_t smallbuf[512];
 } isc_nmsocket_tls_send_req_t;

+#if HAVE_LIBNGHTTP2
+
 typedef enum isc_http_request_type {
 	ISC_HTTP_REQ_GET,
 	ISC_HTTP_REQ_POST,
@ -901,7 +902,6 @@ struct isc_nmsocket {
 		const char *tls_verify_errmsg;
 	} tls;

-#if HAVE_LIBNGHTTP2
 	/*% TLS stuff */
 	struct tlsstream {
 		bool server;
@ -927,6 +927,7 @@ struct isc_nmsocket {
 		bool tcp_nodelay_value;
 	} tlsstream;

+#if HAVE_LIBNGHTTP2
 	isc_nmsocket_h2_t h2;
 #endif /* HAVE_LIBNGHTTP2 */

@ -1542,7 +1543,6 @@ isc__nm_tlsdns_xfr_allowed(isc_nmsocket_t *sock);
 void
 isc__nm_tlsdns_cleanup_data(isc_nmsocket_t *sock);

-#if HAVE_LIBNGHTTP2
 void
 isc__nm_tls_send(isc_nmhandle_t *handle, const isc_region_t *region,
 		 isc_nm_cb_t cb, void *cbarg);
@ -1629,6 +1629,8 @@ isc__nmhandle_tls_get_selected_alpn(isc_nmhandle_t *handle,
 isc_result_t
 isc__nmhandle_tls_set_tcp_nodelay(isc_nmhandle_t *handle, const bool value);

+#if HAVE_LIBNGHTTP2
+
 void
 isc__nm_http_stoplistening(isc_nmsocket_t *sock);

--- a/lib/isc/netmgr/netmgr.c
+++ b/lib/isc/netmgr/netmgr.c
@ -349,11 +349,9 @@ isc_nmhandle_setwritetimeout(isc_nmhandle_t *handle, uint64_t write_timeout) {
 	case isc_nm_tlsdnssocket:
 		handle->sock->write_timeout = write_timeout;
 		break;
-#ifdef HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nmhandle_tls_setwritetimeout(handle, write_timeout);
 		break;
-#endif /* HAVE_LIBNGHTTP2 */
 	case isc_nm_streamdnssocket:
 		isc__nmhandle_streamdns_setwritetimeout(handle, write_timeout);
 		break;
@ -474,11 +472,10 @@ process_netievent(void *arg) {
 		NETIEVENT_CASE(tlsdnsstop);
 		NETIEVENT_CASE(tlsdnsshutdown);

-#if HAVE_LIBNGHTTP2
 		NETIEVENT_CASE(tlssend);
 		NETIEVENT_CASE(tlsclose);
 		NETIEVENT_CASE(tlsdobio);
-
+#if HAVE_LIBNGHTTP2
 		NETIEVENT_CASE(httpsend);
 		NETIEVENT_CASE(httpclose);
 		NETIEVENT_CASE(httpendpoints);
@ -724,8 +721,8 @@ nmsocket_cleanup(isc_nmsocket_t *sock, bool dofree FLARG) {
 	isc_astack_destroy(sock->inactivereqs);

 	isc__nm_tlsdns_cleanup_data(sock);
-#if HAVE_LIBNGHTTP2
 	isc__nm_tls_cleanup_data(sock);
+#if HAVE_LIBNGHTTP2
 	isc__nm_http_cleanup_data(sock);
 #endif
 	isc__nm_streamdns_cleanup_data(sock);
@ -861,10 +858,10 @@ isc___nmsocket_prep_destroy(isc_nmsocket_t *sock FLARG) {
 		case isc_nm_streamdnssocket:
 			isc__nm_streamdns_close(sock);
 			return;
-#if HAVE_LIBNGHTTP2
 		case isc_nm_tlssocket:
 			isc__nm_tls_close(sock);
 			return;
+#if HAVE_LIBNGHTTP2
 		case isc_nm_httpsocket:
 			isc__nm_http_close(sock);
 			return;
@ -1009,9 +1006,7 @@ isc___nmsocket_init(isc_nmsocket_t *sock, isc__networker_t *worker,

 	isc_refcount_init(&sock->references, 1);

-#if HAVE_LIBNGHTTP2
 	memset(&sock->tlsstream, 0, sizeof(sock->tlsstream));
-#endif /* HAVE_LIBNGHTTP2 */

 	NETMGR_TRACE_LOG("isc__nmsocket_init():%p->references = %" PRIuFAST32
 			 "\n",
@ -1420,11 +1415,9 @@ isc__nm_failed_read_cb(isc_nmsocket_t *sock, isc_result_t result, bool async) {
 	case isc_nm_tlsdnssocket:
 		isc__nm_tlsdns_failed_read_cb(sock, result, async);
 		return;
-#ifdef HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nm_tls_failed_read_cb(sock, result, async);
 		return;
-#endif
 	case isc_nm_streamdnssocket:
 		isc__nm_streamdns_failed_read_cb(sock, result, async);
 		return;
@ -1534,11 +1527,9 @@ isc__nmsocket_timer_restart(isc_nmsocket_t *sock) {
 	REQUIRE(VALID_NMSOCK(sock));

 	switch (sock->type) {
-#ifdef HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nmsocket_tls_timer_restart(sock);
 		return;
-#endif /* HAVE_LIBNGHTTP2 */
 	case isc_nm_streamdnssocket:
 		isc__nmsocket_streamdns_timer_restart(sock);
 		return;
@ -1581,10 +1572,8 @@ isc__nmsocket_timer_running(isc_nmsocket_t *sock) {
 	REQUIRE(VALID_NMSOCK(sock));

 	switch (sock->type) {
-#ifdef HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		return (isc__nmsocket_tls_timer_running(sock));
-#endif /* HAVE_LIBNGHTTP2 */
 	case isc_nm_streamdnssocket:
 		return (isc__nmsocket_streamdns_timer_running(sock));
 	default:
@ -1612,11 +1601,9 @@ isc__nmsocket_timer_stop(isc_nmsocket_t *sock) {
 	REQUIRE(VALID_NMSOCK(sock));

 	switch (sock->type) {
-#ifdef HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nmsocket_tls_timer_stop(sock);
 		return;
-#endif /* HAVE_LIBNGHTTP2 */
 	case isc_nm_streamdnssocket:
 		isc__nmsocket_streamdns_timer_stop(sock);
 		return;
@ -1871,10 +1858,10 @@ isc_nmhandle_cleartimeout(isc_nmhandle_t *handle) {
 	case isc_nm_httpsocket:
 		isc__nm_http_cleartimeout(handle);
 		return;
+#endif
 	case isc_nm_tlssocket:
 		isc__nm_tls_cleartimeout(handle);
 		return;
-#endif
 	case isc_nm_streamdnssocket:
 		isc__nmhandle_streamdns_cleartimeout(handle);
 		return;
@ -1897,10 +1884,10 @@ isc_nmhandle_settimeout(isc_nmhandle_t *handle, uint32_t timeout) {
 	case isc_nm_httpsocket:
 		isc__nm_http_settimeout(handle, timeout);
 		return;
+#endif
 	case isc_nm_tlssocket:
 		isc__nm_tls_settimeout(handle, timeout);
 		return;
-#endif
 	case isc_nm_streamdnssocket:
 		isc__nmhandle_streamdns_settimeout(handle, timeout);
 		return;
@ -1934,10 +1921,10 @@ isc_nmhandle_keepalive(isc_nmhandle_t *handle, bool value) {
 	case isc_nm_streamdnssocket:
 		isc__nmhandle_streamdns_keepalive(handle, value);
 		break;
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nmhandle_tls_keepalive(handle, value);
 		break;
+#if HAVE_LIBNGHTTP2
 	case isc_nm_httpsocket:
 		isc__nmhandle_http_keepalive(handle, value);
 		break;
@ -2070,10 +2057,10 @@ isc_nm_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb,
 	case isc_nm_streamdnssocket:
 		isc__nm_streamdns_send(handle, region, cb, cbarg);
 		break;
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nm_tls_send(handle, region, cb, cbarg);
 		break;
+#if HAVE_LIBNGHTTP2
 	case isc_nm_httpsocket:
 		isc__nm_http_send(handle, region, cb, cbarg);
 		break;
@ -2103,10 +2090,10 @@ isc_nm_read(isc_nmhandle_t *handle, isc_nm_recv_cb_t cb, void *cbarg) {
 	case isc_nm_streamdnssocket:
 		isc__nm_streamdns_read(handle, cb, cbarg);
 		break;
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nm_tls_read(handle, cb, cbarg);
 		break;
+#if HAVE_LIBNGHTTP2
 	case isc_nm_httpsocket:
 		isc__nm_http_read(handle, cb, cbarg);
 		break;
@ -2148,11 +2135,9 @@ isc_nm_read_stop(isc_nmhandle_t *handle) {
 	case isc_nm_tcpsocket:
 		isc__nm_tcp_read_stop(handle);
 		break;
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nm_tls_read_stop(handle);
 		break;
-#endif
 	default:
 		UNREACHABLE();
 	}
@ -2178,10 +2163,10 @@ isc_nm_stoplistening(isc_nmsocket_t *sock) {
 	case isc_nm_streamdnslistener:
 		isc__nm_streamdns_stoplistening(sock);
 		break;
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlslistener:
 		isc__nm_tls_stoplistening(sock);
 		break;
+#if HAVE_LIBNGHTTP2
 	case isc_nm_httplistener:
 		isc__nm_http_stoplistening(sock);
 		break;
@ -2413,11 +2398,9 @@ isc__nmsocket_reset(isc_nmsocket_t *sock) {
 		 */
 		REQUIRE(sock->parent == NULL);
 		break;
-#ifdef HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nmsocket_tls_reset(sock);
 		return;
-#endif /* HAVE_LIBNGHTTP2 */
 	case isc_nm_streamdnssocket:
 		isc__nmsocket_streamdns_reset(sock);
 		return;
@ -2641,9 +2624,7 @@ isc_nm_bad_request(isc_nmhandle_t *handle) {
 	case isc_nm_tlsdnssocket:
 	case isc_nm_tcpsocket:
 	case isc_nm_streamdnssocket:
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
-#endif /* HAVE_LIBNGHTTP2 */
 		REQUIRE(sock->parent == NULL);
 		isc__nmsocket_reset(sock);
 		return;
@ -2716,11 +2697,8 @@ isc_nm_set_maxage(isc_nmhandle_t *handle, const uint32_t ttl) {
 	case isc_nm_streamdnssocket:
 		return;
 		break;
-
 	case isc_nm_tcpsocket:
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
-#endif /* HAVE_LIBNGHTTP2 */
 	default:
 		UNREACHABLE();
 		break;
@ -2742,9 +2720,7 @@ isc_nm_has_encryption(const isc_nmhandle_t *handle) {

 	switch (handle->sock->type) {
 	case isc_nm_tlsdnssocket:
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
-#endif /* HAVE_LIBNGHTTP2 */
 		return (true);
 #if HAVE_LIBNGHTTP2
 	case isc_nm_httpsocket:
@ -2771,10 +2747,10 @@ isc_nm_verify_tls_peer_result_string(const isc_nmhandle_t *handle) {
 	case isc_nm_tlsdnssocket:
 		return (isc__nm_tlsdns_verify_tls_peer_result_string(handle));
 		break;
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		return (isc__nm_tls_verify_tls_peer_result_string(handle));
 		break;
+#if HAVE_LIBNGHTTP2
 	case isc_nm_httpsocket:
 		return (isc__nm_http_verify_tls_peer_result_string(handle));
 		break;
@ -2803,11 +2779,9 @@ isc__nm_async_settlsctx(isc__networker_t *worker, isc__netievent_t *ev0) {
 	case isc_nm_tlsdnslistener:
 		isc__nm_async_tlsdns_set_tlsctx(listener, tlsctx, tid);
 		break;
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlslistener:
 		isc__nm_async_tls_set_tlsctx(listener, tlsctx, tid);
 		break;
-#endif /* HAVE_LIBNGHTTP2 */
 	default:
 		UNREACHABLE();
 		break;
@ -2845,10 +2819,10 @@ isc_nmsocket_set_tlsctx(isc_nmsocket_t *listener, isc_tlsctx_t *tlsctx) {
 		 */
 		isc__nm_http_set_tlsctx(listener, tlsctx);
 		break;
+#endif /* HAVE_LIBNGHTTP2 */
 	case isc_nm_tlslistener:
 		set_tlsctx_workers(listener, tlsctx);
 		break;
-#endif /* HAVE_LIBNGHTTP2 */
 	case isc_nm_tlsdnslistener:
 		set_tlsctx_workers(listener, tlsctx);
 		break;
@ -2980,11 +2954,9 @@ isc__nmhandle_set_manual_timer(isc_nmhandle_t *handle, const bool manual) {
 	case isc_nm_tcpsocket:
 		isc__nmhandle_tcp_set_manual_timer(handle, manual);
 		return;
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nmhandle_tls_set_manual_timer(handle, manual);
 		return;
-#endif /* HAVE_LIBNGHTTP2 */
 	default:
 		break;
 	};
@ -3003,11 +2975,9 @@ isc__nmhandle_get_selected_alpn(isc_nmhandle_t *handle,
 	REQUIRE(VALID_NMSOCK(sock));

 	switch (sock->type) {
-#if HAVE_LIBNGHTTP2
 	case isc_nm_tlssocket:
 		isc__nmhandle_tls_get_selected_alpn(handle, alpn, alpnlen);
 		return;
-#endif /* HAVE_LIBNGHTTP2 */
 	default:
 		break;
 	};