Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3aea8db3 authored by Mike Yu's avatar Mike Yu
Browse files

Stop checking IP address with the DoH list if the hostname is known 

If the private DNS hostname is known, the candidate DoH IP addresses
are resolved from the hostname. We already do hostname verification
to ensure the validity of the server, so we don't need to strictly
limit the DoH IP addresses in such case.

Bug: 283708512
Test: set private DNS to dns.google/dns64.dns.google/cloudflare-dns.com
      and saw DoH queries were sent.
Change-Id: I359f14d46495dc55fd906ffeb624b7a2b8453acc
parent ca0ecb95

PrivateDnsConfiguration.h

+16 −5
Original line number Diff line number Diff line
@@ -232,13 +232,24 @@ class PrivateDnsConfiguration { 
        std::string host;

        std::string httpsTemplate;

        bool requireRootPermission;

        base::Result<DohIdentity> getDohIdentity(const std::vector<std::string>& ips,



        base::Result<DohIdentity> getDohIdentity(const std::vector<std::string>& sortedValidIps,

                                                 const std::string& host) const {

            if (!host.empty() && this->host != host) return Errorf("host {} not matched", host);

            for (const auto& ip : ips) {

                if (this->ips.find(ip) == this->ips.end()) continue;

            // If the private DNS hostname is known, `sortedValidIps` are the IP addresses

            // resolved from the hostname, and hostname verification will be performed during

            // TLS handshake to ensure the validity of the server, so it's not necessary to

            // check the IP address.

            if (!host.empty()) {

                if (this->host != host) return Errorf("host {} not matched", host);

                if (!sortedValidIps.empty()) {

                    const auto& ip = sortedValidIps[0];

                    LOG(INFO) << fmt::format("getDohIdentity: {} {}", ip, host);

                    return DohIdentity{httpsTemplate, ip, host, Validation::in_process};

                }

            }

            for (const auto& ip : sortedValidIps) {

                if (ips.find(ip) == ips.end()) continue;

                LOG(INFO) << fmt::format("getDohIdentity: {} {}", ip, host);

                // Only pick the first one for now.

                return DohIdentity{httpsTemplate, ip, host, Validation::in_process};

            }

            return Errorf("server not matched");