From: Remi Gacogne
Date: Mon, 31 Jan 2022 09:33:46 +0000 (+0100)
Subject: dnsdist: Set Server Name Indication on outgoing TLS connections (DoT, DoH)
X-Git-Tag: auth-4.7.0-alpha1~24^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a692438ae8353544c934ac6f6c53dce0a55c70a;p=thirdparty%2Fpdns.git
dnsdist: Set Server Name Indication on outgoing TLS connections (DoT, DoH)
---
diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 3534d4223b..be65fc0244 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -126,6 +126,11 @@ public:
 throw std::runtime_error("Error assigning socket");
 }
+ /* set outgoing Server Name Indication */
+ if (SSL_set_tlsext_host_name(d_conn.get(), d_hostname.c_str()) != 1) {
+ throw std::runtime_error("Error setting TLS SNI");
+ }
+
 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && HAVE_SSL_SET_HOSTFLAGS // grrr libressl
 SSL_set_hostflags(d_conn.get(), X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
 if (SSL_set1_host(d_conn.get(), d_hostname.c_str()) != 1) {
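Review bot: The added `SSL_set_tlsext_host_name()` call runs unconditionally, and OpenSSL returns 0 for an empty name (or one longer than 255 bytes), so a connection whose `d_hostname` is empty would now throw "Error setting TLS SNI" before the handshake starts. Whether `d_hostname` can be empty is not visible in this hunk, but if a backend can be configured without a subject name the guard should read `if (!d_hostname.empty() && SSL_set_tlsext_host_name(d_conn.get(), d_hostname.c_str()) != 1) {`. RFC 6066 also excludes IP literals from SNI, so the comment could state that `d_hostname` is expected to be a DNS name, e.g. `/* set outgoing Server Name Indication; d_hostname must be a DNS hostname, not an IP literal */`. The enclosing function starts and ends outside the hunk.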