Local DoH support, continued

Author: jedisct1

dnscrypt-proxy/config.go

@@ -34,6 +34,8 @@ type Config struct {
 	DisabledServerNames      []string `toml:"disabled_server_names"`
 	ListenAddresses          []string `toml:"listen_addresses"`
 	LocalDoHListenAddresses  []string `toml:"local_doh_listen_addresses"`
+	LocalDoHCertFile         string   `toml:"local_doh_cert_file"`
+	LocalDoHCertKeyFile      string   `toml:"local_doh_cert_key_file"`
 	Daemonize                bool
 	UserName                 string `toml:"user_name"`
 	ForceTCP                 bool   `toml:"force_tcp"`
@@ -96,6 +98,8 @@ func newConfig() Config {
 		LogLevel:                 int(dlog.LogLevel()),
 		ListenAddresses:          []string{"127.0.0.1:53"},
 		LocalDoHListenAddresses:  []string{"127.0.0.1:443"},
+		LocalDoHCertFile:         "localhost.pem",
+		LocalDoHCertKeyFile:      "localhost.pem",
 		Timeout:                  5000,
 		KeepAlive:                5,
 		CertRefreshDelay:         240,
@@ -352,6 +356,8 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
 
 	proxy.listenAddresses = config.ListenAddresses
 	proxy.localDoHListenAddresses = config.LocalDoHListenAddresses
+	proxy.localDoHCertFile = config.LocalDoHCertFile
+	proxy.localDoHCertKeyFile = config.LocalDoHCertKeyFile
 	proxy.daemonize = config.Daemonize
 	proxy.pluginBlockIPv6 = config.BlockIPv6
 	proxy.cache = config.Cache

dnscrypt-proxy/local-doh.go

@@ -15,8 +15,10 @@ type localDoHHandler struct {
 
 func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	dataType := "application/dns-message"
+	writer.Header().Set("Server", "dnscrypt-proxy")
 	if request.Header.Get("Content-Type") != dataType {
 		writer.WriteHeader(400)
+		writer.Write([]byte("Unexpected Content-Type\n"))
 		return
 	}
 	proxy := handler.proxy
@@ -32,14 +34,14 @@ func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *ht
 		dlog.Warnf("No body in a local DoH query")
 		return
 	}
-	response := proxy.processIncomingQuery(proxy.serversInfo.getOne(), "tcp", "tcp", packet, &xClientAddr, nil, start)
+	response := proxy.processIncomingQuery(proxy.serversInfo.getOne(), "http", proxy.mainProto, packet, &xClientAddr, nil, start)
 	if len(response) == 0 {
 		writer.WriteHeader(500)
 		return
 	}
+	writer.Header().Set("Content-Type", "application/dns-message")
+	writer.Header().Set("Content-Length", string(len(response)))
 	writer.WriteHeader(200)
-	writer.Header().Add("Server", "dnscrypt-proxy")
-	writer.Header().Add("Content-Type", "application/dns-message")
 	writer.Write(response)
 }
 
@@ -50,7 +52,7 @@ func (proxy *Proxy) localDoHListener(acceptPc *net.TCPListener) {
 		WriteTimeout: proxy.timeout,
 		Handler:      localDoHHandler{proxy: proxy},
 	}
-	if err := httpServer.Serve(acceptPc); err != nil {
+	if err := httpServer.ServeTLS(acceptPc, proxy.localDoHCertFile, proxy.localDoHCertKeyFile); err != nil {
 		dlog.Fatal(err)
 	}
 }

dnscrypt-proxy/proxy.go

@@ -32,6 +32,8 @@ type Proxy struct {
 	mainProto                     string
 	listenAddresses               []string
 	localDoHListenAddresses       []string
+	localDoHCertFile              string
+	localDoHCertKeyFile           string
 	daemonize                     bool
 	registeredServers             []RegisteredServer
 	registeredRelays              []RegisteredServer
@@ -558,9 +560,12 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
 			}
 			return
 		}
-		clientPc.Write(response)
+		if clientPc != nil {
+			clientPc.Write(response)
+		}
 	}
 	pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
+
 	return response
 }