doh support: make no TLS config fatal (#4162)

without TLS you can't have a functioning DoH server as no client will be able to talk to it. Make this a fatal failure. Add some extra docs on how to start a DoH capable server. Signed-off-by: Miek Gieben <miek@miek.nl>

doh support: make no TLS config fatal (#4162)
without TLS you can't have a functioning DoH server as no client will be able to talk to it. Make this a fatal failure. Add some extra docs on how to start a DoH capable server. Signed-off-by: Miek Gieben <miek@miek.nl>
5235b35e · Miek Gieben · GitHub · 0cb01365 · 5235b35e · 5235b35e
Commit 5235b35e authored Sep 30, 2020 by Miek Gieben Committed by GitHub Sep 30, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

README.md README.md +4 -1

core/dnsserver/server_https.go core/dnsserver/server_https.go +3 -0

No files found.
--- a/README.md
+++ b/README.md
@@ -195,13 +195,16 @@ And for DNS over HTTP/2 (DoH) use:
 ~~~ corefile
 https://example.org {
    whoami
+    tls mycert mykey
 }
 ~~~
+Note that you must have the *tls* plugin configured as DoH requires that to be setup.
 Specifying ports works in the same way:
 ~~~ txt
-grpc://example.org:1443 {
+grpc://example.org:1443 https://example.org:1444 {
    # ...
 }
 ~~~

--- a/core/dnsserver/server_https.go
+++ b/core/dnsserver/server_https.go
@@ -38,6 +38,9 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
 		// Should we error if some configs *don't* have TLS?
 		tlsConfig = conf.TLSConfig
 	}
+	if tlsConfig == nil {
+		return nil, fmt.Errorf("DoH requires TLS to be configured, see the tls plugin")
+	}
 	srv := &http.Server{
 		ReadTimeout:  5 * time.Second,