Fallback to normal connection if TLS fails
As described in draft-ietf-dprive-dns-over-tls [1], we should fall back to a normal connection (without TLS) if there is any error with the TLS connection. See #297. [1] http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-02
This commit is contained in:
parent
ce3e1286f2
commit
124839738d
19
client.go
19
client.go
|
@ -161,6 +161,7 @@ func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
|
|||
network = c.Net
|
||||
}
|
||||
|
||||
connect:
|
||||
if c.TLS {
|
||||
// TLS connection is always TCP
|
||||
co, err = DialTimeoutWithTLS("tcp", a, c.TLSConfig, c.dialTimeout())
|
||||
|
@ -168,7 +169,23 @@ func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
|
|||
co, err = DialTimeout(network, a, c.dialTimeout())
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
// TODO(rafaeljusto)
|
||||
//
|
||||
// draft-ietf-dprive-dns-over-tls (section 3.1)
|
||||
//
|
||||
// DNS clients SHOULD remember server IP addresses that don't support
|
||||
// DNS-over-TLS, including timeouts, connection refusals, and TLS
|
||||
// handshake failures, and not request DNS-over-TLS from them for a
|
||||
// reasonable period (such as one hour per server). DNS clients
|
||||
// following an out-of-band key-pinned privacy profile MAY be more
|
||||
// aggressive about retrying DNS-over-TLS connection failures.
|
||||
if err != nil && c.TLS {
|
||||
// TODO(rafaeljusto)
|
||||
// Log the error somewhere or just ignore it?
|
||||
c.TLS = false
|
||||
goto connect
|
||||
|
||||
} else if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
defer co.Close()
|
||||
|
|
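Review bot: The retry at `c.TLS = false` / `goto connect` downgrades to cleartext DNS on any TLS error, including a certificate-verification failure, so an on-path attacker can strip the protection just by resetting the TLS port or presenting a bad certificate, and the caller never learns it happened. The draft text quoted above the branch describes remembering a non-TLS server for a limited period, which reads as an opportunistic profile; it is not what a caller who configured `TLSConfig` with verification enabled would expect, and the commit makes the fallback unconditional. The assignment also mutates the `*Client` itself, so every later `exchange` on this Client stays plaintext for the process lifetime, and it is an unsynchronised write if the Client is shared between goroutines (whether it is shared depends on callers outside this hunk). I would keep the decision local to this call and make the downgrade an explicit opt-in (for example a new `TLSFallback bool` field declared next to `TLS`), returning the TLS error otherwise; the nested `if err != nil && c.TLS` inside `if err != nil` also repeats a check that is already true. `exchange` begins before the first hunk and continues after the second.
```go
	// … unchanged: network selection …
	useTLS := c.TLS
connect:
	if useTLS {
		// TLS connection is always TCP
		co, err = DialTimeoutWithTLS("tcp", a, c.TLSConfig, c.dialTimeout())
	} else {
		co, err = DialTimeout(network, a, c.dialTimeout())
	}
	if err != nil {
		// A silent fallback lets an on-path attacker strip TLS by breaking the
		// handshake, so only downgrade when the caller explicitly asked for it,
		// and never persist the downgrade on the shared Client.
		if useTLS && c.TLSFallback {
			useTLS = false
			goto connect
		}
		return nil, 0, err
	}
	defer co.Close()
```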