Add --tls-hostname argument to wireguard-proxy

3 years ago · 7316bb5341
2 changed files with 10 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
				@@ -1,7 +1,7 @@
 # wireguard-proxy

 [![Travis-CI Build Status](https://api.travis-ci.org/moparisthebest/wireguard-proxy.svg?branch=master)](https://travis-ci.org/moparisthebest/wireguard-proxy)
-[![Build status](https://ci.appveyor.com/api/projects/status/vl8c9xdhvgn997d2/branch/master?svg=true)](https://ci.appveyor.com/project/moparisthebest/wireguard-proxy/branch/master)
+[![Build status](https://ci.appveyor.com/api/projects/status/vl8c9xdhvgn997d2/branch/master?svg=true)](https://ci.appveyor.com/project/moparisthebest/wireguard-proxy)
 [![crates.io](https://img.shields.io/crates/v/wireguard-proxy.svg)](https://crates.io/crates/wireguard-proxy)

 Proxy wireguard UDP packets over TCP/TLS
@ -20,6 +20,9 @@ usage: wireguard-proxy [options...]
				@@ -20,6 +20,9 @@ usage: wireguard-proxy [options...]
                                 client here, default: 127.0.0.1:51820
 --tls                           use TLS when connecting to tcp-target
                                 WARNING: currently verifies nothing!
+ --tls-hostname                  send this in SNI instead of host
+                                 from --tcp-target, useful for avoiding
+                                 DNS lookup on connect

 Server Mode (requires --tcp-host):
 -th, --tcp-host <ip:port>                TCP host to listen on
--- a/src/bin/wireguard-proxy.rs
+++ b/src/bin/wireguard-proxy.rs
@ -25,6 +25,9 @@ fn main() {
				@@ -25,6 +25,9 @@ fn main() {
                                 client here, default: {}
 --tls                           use TLS when connecting to tcp-target
                                 WARNING: currently verifies nothing!
+ --tls-hostname                  send this in SNI instead of host
+                                 from --tcp-target, useful for avoiding
+                                 DNS lookup on connect

 Server Mode (requires --tcp-host):
 -th, --tcp-host <ip:port>                TCP host to listen on
@ -76,7 +79,9 @@ fn client(tcp_target: &str, socket_timeout: u64, args: Args) {
				@@ -76,7 +79,9 @@ fn client(tcp_target: &str, socket_timeout: u64, args: Args) {
    );

    if tls {
-        proxy_client.start_tls(tcp_target.split(":").next().expect("cannot extract hostname from --tcp-target")).expect("error running tls proxy_client");
+        let hostname = args.get_option(&["--tls-hostname"]).or_else(|| tcp_target.split(":").next())
+            .expect("--tls-hostname not set and cannot extract hostname from --tcp-target");
+        proxy_client.start_tls(hostname).expect("error running tls proxy_client");
    } else {
        proxy_client.start().expect("error running proxy_client");
    }