Update deps

Fixes #103

.github/workflows/issues.yml

@@ -0,0 +1,17 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v9
+        with:
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -16,7 +16,7 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - uses: goto-bus-stop/setup-zig@v2
+      - uses: mlugg/setup-zig@v1
         with:
           version: 0.10.1
 
@@ -33,6 +33,9 @@ jobs:
       - name: Install cargo-deb
         run: cargo install cargo-deb
 
+      - name: Install cargo-generate-rpm
+        run: cargo install cargo-generate-rpm
+
       - name: Install cargo-zigbuild
         run: cargo install cargo-zigbuild
 
@@ -43,7 +46,7 @@ jobs:
           mkdir doh-proxy
           mv target/x86_64-unknown-linux-musl/release/doh-proxy doh-proxy/
           cp README.md localhost.pem doh-proxy/
-          tar cJpf doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-x86_64.tar.bz2 doh-proxy
+          tar cjpf doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-x86_64.tar.bz2 doh-proxy
           rm -fr doh-proxy
 
       - name: Release build Linux-aarch64
@@ -53,7 +56,7 @@ jobs:
           mkdir doh-proxy
           mv target/aarch64-unknown-linux-musl/release/doh-proxy doh-proxy/
           cp README.md localhost.pem doh-proxy/
-          tar cJpf doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-aarch64.tar.bz2 doh-proxy
+          tar cjpf doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-aarch64.tar.bz2 doh-proxy
           rm -fr doh-proxy
 
       - name: Release build Windows-x86_64
@@ -73,6 +76,16 @@ jobs:
           rustup target add aarch64-unknown-linux-musl
           env RUSTFLAGS="-C strip=symbols" cargo deb --no-strip --cargo-build=zigbuild --target=aarch64-unknown-linux-musl
 
+      - name: RPM packages
+        run: |
+          rustup target add x86_64-unknown-linux-gnu
+          env RUSTFLAGS="-C strip=symbols" cargo-zigbuild build --target=x86_64-unknown-linux-gnu.2.17 --release
+          mv target/x86_64-unknown-linux-musl/release/doh-proxy target/release/
+          cargo generate-rpm --target x86_64-unknown-linux-gnu
+          rustup target add aarch64-unknown-linux-gnu
+          env RUSTFLAGS="-C strip=symbols" cargo-zigbuild build --target=aarch64-unknown-linux-gnu.2.17 --release
+          cargo generate-rpm --target aarch64-unknown-linux-gnu
+
       - name: Create release
         id: create_release
         uses: actions/create-release@v1
@@ -91,10 +104,32 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_name: "doh-proxy_${{ steps.get_version.outputs.VERSION }}_amd64.deb"
+          asset_name: "doh-proxy_${{ steps.get_version.outputs.VERSION }}-1_amd64.deb"
-          asset_path: "target/x86_64-unknown-linux-musl/debian/doh-proxy_${{ steps.get_version.outputs.VERSION }}_amd64.deb"
+          asset_path: "target/x86_64-unknown-linux-musl/debian/doh-proxy_${{ steps.get_version.outputs.VERSION }}-1_amd64.deb"
           asset_content_type: application/x-debian-package
 
+      - name: Upload RPM package for x86_64
+        id: upload-release-asset-rpm-x86_64
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_name: "doh-proxy-${{ steps.get_version.outputs.VERSION }}-1.x86_64.rpm"
+          asset_path: "target/x86_64-unknown-linux-gnu/generate-rpm/doh-proxy-${{ steps.get_version.outputs.VERSION }}-1.x86_64.rpm"
+          asset_content_type: application/x-redhat-package-manager
+
+      - name: Upload RPM package for aarch64
+        id: upload-release-asset-rpm-aarch64
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_name: "doh-proxy-${{ steps.get_version.outputs.VERSION }}-1.aarch64.rpm"
+          asset_path: "target/aarch64-unknown-linux-gnu/generate-rpm/doh-proxy-${{ steps.get_version.outputs.VERSION }}-1.aarch64.rpm"
+          asset_content_type: application/x-redhat-package-manager
+
       - name: Upload tarball for linux-x86_64
         id: upload-release-asset-tarball-linux-x86_64
         uses: actions/upload-release-asset@v1

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "doh-proxy"
-version = "0.9.10"
+version = "0.9.11"
 authors = ["Frank Denis <github@pureftpd.org>"]
 description = "A DNS-over-HTTPS (DoH) and ODoH (Oblivious DoH) proxy"
 keywords = ["dns", "https", "doh", "odoh", "proxy"]
@@ -18,8 +18,14 @@ tls = ["libdoh/tls"]
 [dependencies]
 libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false }
 clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] }
-dnsstamps = "0.1.9"
+dnsstamps = "0.1.10"
-mimalloc = { version = "0.1.37", default-features = false }
+mimalloc = { version = "0.1.44", default-features = false }
+
+[package.metadata.generate-rpm]
+assets = [
+  { source = "target/release/doh-proxy", dest = "/usr/bin/doh-proxy", mode = "755" },
+  { source = "README.md", dest = "/usr/share/doc/doh-proxy/README.md", mode = "644", doc = true },
+]
 
 [package.metadata.deb]
 extended-description = """\

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018-2023 Frank Denis
+Copyright (c) 2018-2025 Frank Denis
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -195,10 +195,14 @@ This [Go code snippet](https://gist.github.com/d6cb41742a1ceb54d48cc286f3d5c5fa)
 
 ### Common certificate hashes
 
-* Let's Encrypt R3:
-  * `444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce`
 * Let's Encrypt E1:
   * `cc1060d39c8329b62b6fbc7d0d6df9309869b981e7e6392d5cd8fa408f4d80e6`
+* Let's Encrypt R3:
+  * `444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce`
+* Let's Encrypt R10:
+  * `e644ba6963e335fe765cb9976b12b10eb54294b42477764ccb3a3acca3acb2fc`
+* ZeroSSL:
+  * `9a3a34f727deb9bca51003d9ce9c39f8f27dd9c5242901c2bab1a44e635a0219`
 
 ## Clients
 

src/config.rs

@@ -240,39 +240,42 @@ pub fn parse_opts(globals: &mut Globals) {
             .or_else(|| globals.tls_cert_path.clone());
     }
 
-    if let Some(hostname) = matches.get_one::<String>("hostname") {
+    match matches.get_one::<String>("hostname") {
-        let mut builder =
+        Some(hostname) => {
-            dnsstamps::DoHBuilder::new(hostname.to_string(), globals.path.to_string());
+            let mut builder =
-        if let Some(public_address) = matches.get_one::<String>("public_address") {
+                dnsstamps::DoHBuilder::new(hostname.to_string(), globals.path.to_string());
-            builder = builder.with_address(public_address.to_string());
+            if let Some(public_address) = matches.get_one::<String>("public_address") {
-        }
+                builder = builder.with_address(public_address.to_string());
-        if let Some(public_port) = matches.get_one::<String>("public_port") {
+            }
-            let public_port = public_port.parse().expect("Invalid public port");
+            if let Some(public_port) = matches.get_one::<String>("public_port") {
-            builder = builder.with_port(public_port);
+                let public_port = public_port.parse().expect("Invalid public port");
-        }
+                builder = builder.with_port(public_port);
-        println!(
+            }
-            "Test DNS stamp to reach [{}] over DoH: [{}]\n",
+            println!(
-            hostname,
+                "Test DNS stamp to reach [{}] over DoH: [{}]\n",
-            builder.serialize().unwrap()
+                hostname,
-        );
+                builder.serialize().unwrap()
+            );
 
-        let mut builder =
+            let mut builder =
-            dnsstamps::ODoHTargetBuilder::new(hostname.to_string(), globals.path.to_string());
+                dnsstamps::ODoHTargetBuilder::new(hostname.to_string(), globals.path.to_string());
-        if let Some(public_port) = matches.get_one::<String>("public_port") {
+            if let Some(public_port) = matches.get_one::<String>("public_port") {
-            let public_port = public_port.parse().expect("Invalid public port");
+                let public_port = public_port.parse().expect("Invalid public port");
-            builder = builder.with_port(public_port);
+                builder = builder.with_port(public_port);
-        }
+            }
-        println!(
+            println!(
-            "Test DNS stamp to reach [{}] over Oblivious DoH: [{}]\n",
+                "Test DNS stamp to reach [{}] over Oblivious DoH: [{}]\n",
-            hostname,
+                hostname,
-            builder.serialize().unwrap()
+                builder.serialize().unwrap()
-        );
+            );
 
-        println!("Check out https://dnscrypt.info/stamps/ to compute the actual stamps.\n")
+            println!("Check out https://dnscrypt.info/stamps/ to compute the actual stamps.\n")
-    } else {
+        }
-        println!(
+        _ => {
+            println!(
             "Please provide a fully qualified hostname (-H <hostname> command-line option) to get \
              test DNS stamps for your server.\n"
         );
+        }
     }
 }

src/libdoh/Cargo.toml

@@ -1,13 +1,13 @@
 [package]
 name = "libdoh"
-version = "0.9.10"
+version = "0.9.11"
 authors = ["Frank Denis <github@pureftpd.org>"]
 description = "DoH and Oblivious DoH library for the rust-doh app"
-keywords = ["dns","https","doh","odoh","proxy"]
+keywords = ["dns", "https", "doh", "odoh", "proxy"]
 license = "MIT"
 homepage = "https://github.com/jedisct1/rust-doh"
 repository = "https://github.com/jedisct1/rust-doh"
-categories = ["asynchronous", "network-programming","command-line-utilities"]
+categories = ["asynchronous", "network-programming", "command-line-utilities"]
 edition = "2018"
 
 [features]
@@ -15,18 +15,31 @@ default = ["tls"]
 tls = ["tokio-rustls"]
 
 [dependencies]
-anyhow = "1.0.71"
+anyhow = "1.0.97"
-arc-swap = "1.6.0"
+arc-swap = "1.7.1"
-base64 = "0.21.2"
+base64 = "0.22.1"
-byteorder = "1.4.3"
+byteorder = "1.5.0"
-bytes = "1.4.0"
+bytes = "1.10.1"
-futures = "0.3.28"
+futures = "0.3.31"
-hyper = { version = "0.14.27", default-features = false, features = ["server", "http1", "http2", "stream"] }
+hyper = { version = "^0.14.32", default-features = false, features = [
-odoh-rs = "1.0.2"
+    "server",
-rand = "0.8.5"
+    "http1",
-tokio = { version = "1.29.1", features = ["net", "rt-multi-thread", "time", "sync"] }
+    "http2",
-tokio-rustls = { version = "0.24.1", features = ["early-data"], optional = true }
+    "stream",
-rustls-pemfile = "1.0.3"
+    "runtime",
+] }
+odoh-rs = "1.0.3"
+rand = "^0.8.5"
+tokio = { version = "1.44.1", features = [
+    "net",
+    "rt-multi-thread",
+    "time",
+    "sync",
+] }
+tokio-rustls = { version = "^0.24.1", features = [
+    "early-data",
+], optional = true }
+rustls-pemfile = "^1.0.4"
 
 [profile.release]
 codegen-units = 1

src/libdoh/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018-2023 Frank Denis
+Copyright (c) 2018-2025 Frank Denis
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

src/libdoh/src/lib.rs

@@ -257,10 +257,7 @@ impl DoH {
         content_types: &[&'static str],
     ) -> Option<&'static str> {
         let accept = headers.get(hyper::header::ACCEPT);
-        let accept = match accept {
+        let accept = accept?;
-            None => return None,
-            Some(accept) => accept,
-        };
         for part in accept.to_str().unwrap_or("").split(',').map(|s| s.trim()) {
             if let Some(found) = part
                 .split(';')

src/libdoh/src/odoh.rs

@@ -77,7 +77,7 @@ impl ODoHPublicKey {
 
 impl ODoHQueryContext {
     pub fn encrypt_response(self, response_body: Vec<u8>) -> Result<Vec<u8>, DoHError> {
-        let response_nonce = rand::thread_rng().gen::<ResponseNonce>();
+        let response_nonce = rand::thread_rng().r#gen::<ResponseNonce>();
         let response_body_ = ObliviousDoHMessagePlaintext::new(response_body, 0);
         let encrypted_response = odoh_rs::encrypt_response(
             &self.query,

src/libdoh/src/tls.rs

@@ -87,12 +87,9 @@ where
             let server_config_builder = ServerConfig::builder()
                 .with_safe_defaults()
                 .with_no_client_auth();
-            if let Ok(found_config) =
+            match server_config_builder.with_single_cert(certs.clone(), certs_key) {
-                server_config_builder.with_single_cert(certs.clone(), certs_key)
+                Ok(found_config) => Some(found_config),
-            {
+                _ => None,
-                Some(found_config)
-            } else {
-                None
             }
         })
         .ok_or_else(|| {