authorGuilhem Lettron <guilhem@barpilot.io>2019-11-30 03:51:40 +0100
committerYu Watanabe <watanabe.yu+github@gmail.com>2019-12-04 23:24:06 +0900
commit2e22a54f4e085496088b77085f38b66532da59fb (patch)
treec3bc6bb24cafaae584504da112beb38d1b946695 /src/resolve/resolved-dnstls-openssl.c
parentb7aa08ca15d0080bfbdc8820b8b9b617b550a0e0 (diff)
downloadsystemd-2e22a54f4e085496088b77085f38b66532da59fb.tar.gz
Implement SNI when using DNS-over-TLS
Some DNS providers need SNI to identify the client. This can be enabled by appending #name to a DNS server address. Example: [Resolve] DNS=192.168.1.1#example.com
Diffstat (limited to 'src/resolve/resolved-dnstls-openssl.c')
-rw-r--r--src/resolve/resolved-dnstls-openssl.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index 85e202ff74..ce0a437371 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -87,6 +87,17 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
return -ECONNREFUSED;
}
+ if (server->server_name) {
+ r = SSL_set_tlsext_host_name(s, server->server_name);
+ if (r <= 0) {
+ char errbuf[256];
+
+ error = ERR_get_error();
+ ERR_error_string_n(error, errbuf, sizeof(errbuf));
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set server name: %s", errbuf);
+ }
+ }
+
ERR_clear_error();
stream->dnstls_data.handshake = SSL_do_handshake(s);
if (stream->dnstls_data.handshake <= 0) {
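Review bot: The new block only sends `server->server_name` as the SNI extension; nothing in this hunk ties certificate validation to that name, so as far as these lines show the configured `#name` is announced to the server but never checked against the certificate it presents. If peer verification is configured elsewhere in `dnstls_stream_connect_tls` (the function starts and ends outside the hunk), consider also binding the expected name right after the SNI call, e.g. `r = SSL_set1_host(s, server->server_name);` with the same error handling, provided the minimum supported OpenSSL version offers it. A short comment above the `if`, such as `/* SNI is only a routing hint; it does not authenticate the server */`, would make that distinction explicit for the next reader.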