TLS DNS: do not call accept callback twice (!6439) · Merge requests · ISC Open Source Projects / BIND

Artem Boldariev requested to merge artem-tlsdns-do-not-call-acceptcb-twice into main Jun 15, 2022

Before the changes from this commit were introduced, the accept callback function would get called twice when accepting connection during two of these stages:

when accepting the TCP connection;
when handshake has completed.

That is clearly an error, as it should have been called only once. As far as I understand it the mistake is a result of TLS DNS transport being essentially a fork of TCP transport, where calling the accept callback immediately after accepting TCP connection makes sense.

This commit fixes this mistake. It did not have any very serious consequences because in BIND the accept callback only checks an ACL and updates stats.

Edited Jun 15, 2022 by Artem Boldariev

TLS DNS: do not call accept callback twice

Merge request reports