gnutls-cli: introduced --sni-hostname option
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 8 May 2017 04:13:59 +0000 (06:13 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 10 May 2017 08:44:12 +0000 (10:44 +0200)
This allows overriding the value set on the TLS server name indication
extension.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
src/cli-args.def
src/cli.c

index 202afcd9a0a3d4ae0cc4b495d1b67933a96b61e8..69917596f2c682254e2919969681aeb53ac0753d 100644 (file)
@@ -80,6 +80,13 @@ flag = {
     doc       = "Connect, establish a session and rehandshake immediately.";
 };
 
+flag = {
+    name      = sni-hostname;
+    descrip   = "Server's hostname for server name indication extension";
+    arg-type  = string;
+    doc      = "Set explicitly the server name used in the TLS server name indication extension. That is useful when testing with servers setup on different DNS name than the intended. If not specified, the provided hostname is used.";
+};
+
 flag = {
     name      = starttls;
     value     = s;
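Review bot: The `doc` text for `sni-hostname` does not say whether the override also affects the name the server certificate is checked against, and a user testing a server under a different DNS name could easily assume it does. Nothing in this commit touches verification, so presumably the certificate is still matched against the hostname given on the command line; that should be confirmed against the verification callback, which is not visible here. If so, I would append a sentence such as `This option only changes the name sent in the extension; certificate verification still uses the hostname given for the connection.` The wording "servers setup on different DNS name than the intended" could also be tightened to "servers set up under a different DNS name than the intended one".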
index b225c166f77cdb3afeba214437eb3f72d7c4ce20..6980e75f4eb4257f0af2a4bc4246d0fbfddbc68d 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -703,7 +703,10 @@ gnutls_session_t init_tls_session(const char *host)
        /* allow the use of private ciphersuites.
         */
        if (disable_extensions == 0 && disable_sni == 0) {
-               if (host != NULL && is_ip(host) == 0)
+               if (HAVE_OPT(SNI_HOSTNAME)) {
+                       gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+                                              OPT_ARG(SNI_HOSTNAME), strlen(OPT_ARG(SNI_HOSTNAME)));
+               } else if (host != NULL && is_ip(host) == 0)
                        gnutls_server_name_set(session, GNUTLS_NAME_DNS,
                                               host, strlen(host));
        }
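Review bot: The new `HAVE_OPT(SNI_HOSTNAME)` branch discards the return value of `gnutls_server_name_set()`. If the library rejects the user-supplied string, the handshake goes ahead without the requested SNI and the test result is silently misleading. Since this option exists to pin the value explicitly, I would fail loudly: store the result in an `int ret`, and on `ret < 0` print `gnutls_strerror(ret)` to stderr and exit. The override also skips the `is_ip()` filter applied to `host` in the `else` branch. If sending arbitrary values is intended for testing, a short comment such as `/* user-supplied value is sent as-is, no is_ip() filtering */` would make that explicit. `init_tls_session` begins and ends outside this hunk, so how errors are reported elsewhere in the function is not visible here.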