Adding upstream version 2.13.0.upstream/2.13.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

10 files changed, 53 insertions, 11 deletions

diff --git a/CHANGES b/CHANGES
index e8b249e..fa4396f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,14 @@
+2023-06-15 Jerry Lundström
+
+    Release 2.13.0
+
+    This release adds a new option `-O tls-sni=...` to set the Server Name
+    Indication when using TLS transport, currently for DNS-over-TLS and
+    DNS-over-HTTPS.
+
+    dbe84f6 TLS SNI
+    5fb2282 Add TLS Server Name Indication extension support
+
 2023-05-21 Jerry Lundström
 
     Release 2.12.0
diff --git a/configure b/configure
index 00ecbcc..f90add5 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for dnsperf 2.12.0.
+# Generated by GNU Autoconf 2.69 for dnsperf 2.13.0.
 #
 # Report bugs to <admin@dns-oarc.net>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='dnsperf'
 PACKAGE_TARNAME='dnsperf'
-PACKAGE_VERSION='2.12.0'
-PACKAGE_STRING='dnsperf 2.12.0'
+PACKAGE_VERSION='2.13.0'
+PACKAGE_STRING='dnsperf 2.13.0'
 PACKAGE_BUGREPORT='admin@dns-oarc.net'
 PACKAGE_URL='https://github.com/DNS-OARC/dnsperf/issues'
 
@@ -1362,7 +1362,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures dnsperf 2.12.0 to adapt to many kinds of systems.
+\`configure' configures dnsperf 2.13.0 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1433,7 +1433,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of dnsperf 2.12.0:";;
+     short | recursive ) echo "Configuration of dnsperf 2.13.0:";;
    esac
   cat <<\_ACEOF
 
@@ -1572,7 +1572,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-dnsperf configure 2.12.0
+dnsperf configure 2.13.0
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1941,7 +1941,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by dnsperf $as_me 2.12.0, which was
+It was created by dnsperf $as_me 2.13.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2804,7 +2804,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='dnsperf'
- VERSION='2.12.0'
+ VERSION='2.13.0'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -14436,7 +14436,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by dnsperf $as_me 2.12.0, which was
+This file was extended by dnsperf $as_me 2.13.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -14503,7 +14503,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-dnsperf config.status 2.12.0
+dnsperf config.status 2.13.0
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index dd84b36..b41c2b9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.64)
-AC_INIT([dnsperf], [2.12.0], [admin@dns-oarc.net], [dnsperf], [https://github.com/DNS-OARC/dnsperf/issues])
+AC_INIT([dnsperf], [2.13.0], [admin@dns-oarc.net], [dnsperf], [https://github.com/DNS-OARC/dnsperf/issues])
 AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
 AC_CONFIG_SRCDIR([src/dnsperf.c])
 AC_CONFIG_HEADER([src/config.h])
diff --git a/src/dnsperf.1.in b/src/dnsperf.1.in
index 76b694e..6c699fe 100644
--- a/src/dnsperf.1.in
+++ b/src/dnsperf.1.in
@@ -441,6 +441,13 @@ The HTTP method to use when querying with DNS-over-HTTPS, default is GET.
 Available methods are: GET, POST.
 .RE
 
+\fBtls-sni=\fISERVER_NAME\fR
+.br
+.RS
+The Server Name Indication (SNI) to use for TLS connections (such as DNS-over-TLS or DNS-over-HTTPS),
+defaults to leaving out the SNI extension in the client hello.
+.RE
+
 \fBsuppress=\fIMESSAGE[,MESSAGE,...]\fR
 .br
 .RS
diff --git a/src/dnsperf.c b/src/dnsperf.c
index 02bdd2c..cca4710 100644
--- a/src/dnsperf.c
+++ b/src/dnsperf.c
@@ -587,6 +587,7 @@ setup(int argc, char** argv, config_t* config)
     const char* doh_uri        = DEFAULT_DOH_URI;
     const char* doh_method     = DEFAULT_DOH_METHOD;
     const char* local_suppress = 0;
+    const char* tls_sni        = 0;
 
     memset(config, 0, sizeof(*config));
     config->argc = argc;
@@ -681,6 +682,8 @@ setup(int argc, char** argv, config_t* config)
 #endif
     perf_long_opt_add("qps-threshold-wait", perf_opt_zpint, "microseconds",
         "minimum threshold for enabling wait in rate limiting", stringify(config->qps_threshold_wait), &config->qps_threshold_wait);
+    perf_long_opt_add("tls-sni", perf_opt_string, "tls_sni",
+        "the TLS SNI to use for TLS connections", NULL, &tls_sni);
 
     bool log_stdout = false;
     perf_opt_add('W', perf_opt_boolean, NULL, "log warnings and errors to stdout instead of stderr", NULL, &log_stdout);
@@ -710,6 +713,10 @@ setup(int argc, char** argv, config_t* config)
         }
     }
 
+    if (tls_sni) {
+        perf_net_tls_sni = tls_sni;
+    }
+
     if (doh_uri) {
         perf_net_doh_parse_uri(doh_uri);
     }
diff --git a/src/net.c b/src/net.c
index 89e75e0..bb29661 100644
--- a/src/net.c
+++ b/src/net.c
@@ -31,6 +31,8 @@
 #include <netdb.h>
 #include <arpa/inet.h>
 
+const char* perf_net_tls_sni = 0;
+
 enum perf_net_mode perf_net_parsemode(const char* mode)
 {
     if (!strcmp(mode, "udp")) {
diff --git a/src/net.h b/src/net.h
index 1624be6..56de624 100644
--- a/src/net.h
+++ b/src/net.h
@@ -184,4 +184,6 @@ void perf_net_doh_stats_init();
 void perf_net_doh_stats_compile(struct perf_net_socket*);
 void perf_net_doh_stats_print();
 
+extern const char* perf_net_tls_sni;
+
 #endif
diff --git a/src/net_doh.c b/src/net_doh.c
index 2caeab8..56fd7ef 100644
--- a/src/net_doh.c
+++ b/src/net_doh.c
@@ -184,6 +184,9 @@ static void perf__doh_connect(struct perf_net_socket* sock)
     if (!(self->ssl = SSL_new(ssl_ctx))) {
         perf_log_fatal("SSL_new(): %s", ERR_error_string(ERR_get_error(), 0));
     }
+    if (perf_net_tls_sni && !(ret = SSL_set_tlsext_host_name(self->ssl, perf_net_tls_sni))) {
+        perf_log_fatal("SSL_set_tlsext_host_name(): %s", ERR_error_string(SSL_get_error(self->ssl, ret), 0));
+    }
     if (!(ret = SSL_set_fd(self->ssl, sock->fd))) {
         perf_log_fatal("SSL_set_fd(): %s", ERR_error_string(SSL_get_error(self->ssl, ret), 0));
     }
diff --git a/src/net_dot.c b/src/net_dot.c
index 02b54e4..c2985a3 100644
--- a/src/net_dot.c
+++ b/src/net_dot.c
@@ -82,6 +82,9 @@ static void perf__dot_connect(struct perf_net_socket* sock)
     if (!(self->ssl = SSL_new(ssl_ctx))) {
         perf_log_fatal("SSL_new(): %s", ERR_error_string(ERR_get_error(), 0));
     }
+    if (perf_net_tls_sni && !(ret = SSL_set_tlsext_host_name(self->ssl, perf_net_tls_sni))) {
+        perf_log_fatal("SSL_set_tlsext_host_name(): %s", ERR_error_string(SSL_get_error(self->ssl, ret), 0));
+    }
     if (!(ret = SSL_set_fd(self->ssl, sock->fd))) {
         perf_log_fatal("SSL_set_fd(): %s", ERR_error_string(SSL_get_error(self->ssl, ret), 0));
     }
diff --git a/src/resperf.c b/src/resperf.c
index ae4f9cd..031d751 100644
--- a/src/resperf.c
+++ b/src/resperf.c
@@ -253,6 +253,7 @@ static void setup(int argc, char** argv)
     const char*  edns_option_str = NULL;
     const char*  doh_uri         = DEFAULT_DOH_URI;
     const char*  doh_method      = DEFAULT_DOH_METHOD;
+    const char*  tls_sni         = 0;
     const char*  local_suppress  = 0;
 
     size_t num_queries_per_conn = 0;
@@ -337,6 +338,8 @@ static void setup(int argc, char** argv)
         "the URI to use for DNS-over-HTTPS", DEFAULT_DOH_URI, &doh_uri);
     perf_long_opt_add("doh-method", perf_opt_string, "doh_method",
         "the HTTP method to use for DNS-over-HTTPS: GET or POST", DEFAULT_DOH_METHOD, &doh_method);
+    perf_long_opt_add("tls-sni", perf_opt_string, "tls_sni",
+        "the TLS SNI to use for TLS connections", NULL, &tls_sni);
     perf_long_opt_add("suppress", perf_opt_string, "message[,message,...]",
         "suppress messages/warnings, see dnsperf(1) man-page for list of message types", NULL, &local_suppress);
     perf_long_opt_add("num-queries-per-conn", perf_opt_uint, "queries",
@@ -367,6 +370,10 @@ static void setup(int argc, char** argv)
         }
     }
 
+    if (tls_sni) {
+        perf_net_tls_sni = tls_sni;
+    }
+
     if (doh_uri) {
         perf_net_doh_parse_uri(doh_uri);
     }