From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 8 May 2017 04:13:59 +0000 (+0200)
Subject: gnutls-cli: introduced --sni-hostname option
X-Git-Tag: gnutls_3_6_0~590
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fdacda0d3c055742665ec09bf52f595ada4ff8d0;p=thirdparty%2Fgnutls.git

gnutls-cli: introduced --sni-hostname option

This allows overriding the value set on the TLS server name indication
extension.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---

diff --git a/src/cli-args.def b/src/cli-args.def
index 202afcd9a0..69917596f2 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -80,6 +80,13 @@ flag = {
     doc       = "Connect, establish a session and rehandshake immediately.";
 };
 
+flag = {
+    name      = sni-hostname;
+    descrip   = "Server's hostname for server name indication extension";
+    arg-type  = string;
+    doc      = "Set explicitly the server name used in the TLS server name indication extension. That is useful when testing with servers setup on different DNS name than the intended. If not specified, the provided hostname is used.";
+};
+
 flag = {
     name      = starttls;
     value     = s;
diff --git a/src/cli.c b/src/cli.c
index b225c166f7..6980e75f4e 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -703,7 +703,10 @@ gnutls_session_t init_tls_session(const char *host)
 	/* allow the use of private ciphersuites.
 	 */
 	if (disable_extensions == 0 && disable_sni == 0) {
-		if (host != NULL && is_ip(host) == 0)
+		if (HAVE_OPT(SNI_HOSTNAME)) {
+			gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+					       OPT_ARG(SNI_HOSTNAME), strlen(OPT_ARG(SNI_HOSTNAME)));
+		} else if (host != NULL && is_ip(host) == 0)
 			gnutls_server_name_set(session, GNUTLS_NAME_DNS,
 					       host, strlen(host));
 	}