authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-05-08 06:13:59 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-05-10 10:35:12 +0200
commit163507fd61084c7f56359e422a971f484a7c194f (patch)
tree9f43f822f82635b2da33aa6e429e63afb00f4557
parent10de5e4965876c34fcc9ebbf975be186ad80dad3 (diff)
gnutls-cli: introduced --sni-hostname option
This allows overriding the value set on the TLS server name indication extension. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--src/cli-args.def7
-rw-r--r--src/cli.c5
2 files changed, 11 insertions, 1 deletions
diff --git a/src/cli-args.def b/src/cli-args.def
index 202afcd9a0..69917596f2 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -81,6 +81,13 @@ flag = {
};
flag = {
+ name = sni-hostname;
+ descrip = "Server's hostname for server name indication extension";
+ arg-type = string;
+ doc = "Set explicitly the server name used in the TLS server name indication extension. That is useful when testing with servers setup on different DNS name than the intended. If not specified, the provided hostname is used.";
+};
+
+flag = {
name = starttls;
value = s;
descrip = "Connect, establish a plain session and start TLS";
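Review bot: The `doc` text for `sni-hostname` does not say which name the server certificate is verified against once the SNI value is overridden. In the cli.c hunk only the name passed to `gnutls_server_name_set` changes, so verification presumably still uses the hostname given on the command line, but that code is outside this diff and should be confirmed. If so, I would append a sentence such as `This option only changes the name sent in the extension; the certificate is still verified against the connection hostname.` The phrase `servers setup on different DNS name than the intended` would also read better as `servers set up under a different DNS name than the intended one`.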
diff --git a/src/cli.c b/src/cli.c
index 75c228fa49..834f1ff262 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -695,7 +695,10 @@ gnutls_session_t init_tls_session(const char *host)
/* allow the use of private ciphersuites.
*/
if (disable_extensions == 0 && disable_sni == 0) {
- if (host != NULL && is_ip(host) == 0)
+ if (HAVE_OPT(SNI_HOSTNAME)) {
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+ OPT_ARG(SNI_HOSTNAME), strlen(OPT_ARG(SNI_HOSTNAME)));
+ } else if (host != NULL && is_ip(host) == 0)
gnutls_server_name_set(session, GNUTLS_NAME_DNS,
host, strlen(host));
}
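Review bot: The new `HAVE_OPT(SNI_HOSTNAME)` branch discards the return value of `gnutls_server_name_set`, so a name the library rejects may leave the session without the intended SNI while the user believes the override is in effect. Because the value now comes straight from the command line, I would check it, e.g. `if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, OPT_ARG(SNI_HOSTNAME), strlen(OPT_ARG(SNI_HOSTNAME))) < 0) { fprintf(stderr, "Cannot set server name\n"); exit(1); }`. The override also skips the `is_ip(host) == 0` guard that the `else` branch keeps, so an IP literal passed to `--sni-hostname` is sent as a `GNUTLS_NAME_DNS` entry; if that is deliberate for testing, a short comment saying so would help. `init_tls_session` begins and ends outside this hunk.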