marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Util: Specify hostname for SSLEepGet socket when using DoH

Browse Source
This commit is contained in:
zzz
2021-03-18 09:39:14 -04:00
parent 1e0847271f
commit 615365ec24
1 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
core/java/src/net/i2p/util/SSLEepGet.java
View File

@ -766,19 +766,26 @@ public class SSLEepGet extends EepGet {
String originalHost = host; String originalHost = host;
boolean useDNSOverHTTPS; boolean useDNSOverHTTPS;
if (_forceDoH == 2) if (_forceDoH == 1 || _shouldProxy)
useDNSOverHTTPS = true;
else if (_forceDoH == 1)
useDNSOverHTTPS = false; useDNSOverHTTPS = false;
else if (_forceDoH == 2)
useDNSOverHTTPS = true;
else else
useDNSOverHTTPS = _context.getProperty(PROP_USE_DNS_OVER_HTTPS, DEFAULT_USE_DNS_OVER_HTTPS); useDNSOverHTTPS = _context.getProperty(PROP_USE_DNS_OVER_HTTPS, DEFAULT_USE_DNS_OVER_HTTPS);
// This duplicates checks in DNSOverHTTPS.lookup() but do it here too so // This duplicates checks in DNSOverHTTPS.lookup() but do it here too so
// we don't even construct it if we don't need it // we don't even construct it if we don't need it
String ip = null;
if (useDNSOverHTTPS && !host.equals("dns.google") && !Addresses.isIPAddress(host)) { if (useDNSOverHTTPS && !host.equals("dns.google") && !Addresses.isIPAddress(host)) {
DNSOverHTTPS doh = new DNSOverHTTPS(_context, getSSLState()); DNSOverHTTPS doh = new DNSOverHTTPS(_context, getSSLState());
String ip = doh.lookup(host); ip = doh.lookup(host);
if (ip != null) if (ip != null) {
host = ip; // will be used below
if (_log.shouldDebug())
_log.debug("DoH success: " + host + ' ' + ip);
} else {
if (_log.shouldWarn())
_log.debug("DoH fail: " + host);
}
} }
if (_shouldProxy) { if (_shouldProxy) {
@ -814,6 +821,20 @@ public class SSLEepGet extends EepGet {
_proxy = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(_proxy, host, port, true); _proxy = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(_proxy, host, port, true);
if (_log.shouldLog(Log.DEBUG)) if (_log.shouldLog(Log.DEBUG))
_log.debug(_proxyType + " proxy headers read completely"); _log.debug(_proxyType + " proxy headers read completely");
} else if (ip != null) {
// DoH, create the socket with the IP, then create the SSL socket with the host
// So that SNI and cert validation works
if (_fetchHeaderTimeout > 0) {
_proxy = new Socket();
_proxy.setSoTimeout(_fetchHeaderTimeout);
_proxy.connect(new InetSocketAddress(ip, port), _fetchHeaderTimeout);
} else {
_proxy = new Socket(ip, port);
}
if (_sslContext != null)
_proxy = _sslContext.getSocketFactory().createSocket(_proxy, host, port, true);
else
_proxy = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(_proxy, host, port, true);
} else { } else {
// Warning, createSocket() followed by connect(InetSocketAddress) // Warning, createSocket() followed by connect(InetSocketAddress)
// disables SNI, at least on Java 7. // disables SNI, at least on Java 7.