From 7316bb5341f11beb0bf97cc7187131d97d00e1c0 Mon Sep 17 00:00:00 2001
From: moparisthebest
Date: Mon, 16 Dec 2019 21:15:25 -0500
Subject: [PATCH] Add --tls-hostname argument to wireguard-proxy
---
 README.md | 5 ++++-
 src/bin/wireguard-proxy.rs | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index d5c19b0..1985461 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # wireguard-proxy
 [![Travis-CI Build Status](https://api.travis-ci.org/moparisthebest/wireguard-proxy.svg?branch=master)](https://travis-ci.org/moparisthebest/wireguard-proxy)
-[![Build status](https://ci.appveyor.com/api/projects/status/vl8c9xdhvgn997d2/branch/master?svg=true)](https://ci.appveyor.com/project/moparisthebest/wireguard-proxy/branch/master)
+[![Build status](https://ci.appveyor.com/api/projects/status/vl8c9xdhvgn997d2/branch/master?svg=true)](https://ci.appveyor.com/project/moparisthebest/wireguard-proxy)
 [![crates.io](https://img.shields.io/crates/v/wireguard-proxy.svg)](https://crates.io/crates/wireguard-proxy)
 Proxy wireguard UDP packets over TCP/TLS
@@ -20,6 +20,9 @@ usage: wireguard-proxy [options...]
 client here, default: 127.0.0.1:51820
 --tls use TLS when connecting to tcp-target
 WARNING: currently verifies nothing!
+ --tls-hostname send this in SNI instead of host
+ from --tcp-target, useful for avoiding
+ DNS lookup on connect
 Server Mode (requires --tcp-host):
 -th, --tcp-host TCP host to listen on
diff --git a/src/bin/wireguard-proxy.rs b/src/bin/wireguard-proxy.rs
index cb27c57..813e7cc 100644
--- a/src/bin/wireguard-proxy.rs
+++ b/src/bin/wireguard-proxy.rs
@@ -25,6 +25,9 @@ fn main() {
 client here, default: {}
 --tls use TLS when connecting to tcp-target
 WARNING: currently verifies nothing!
+ --tls-hostname send this in SNI instead of host
+ from --tcp-target, useful for avoiding
+ DNS lookup on connect
 Server Mode (requires --tcp-host):
 -th, --tcp-host TCP host to listen on
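Review bot: The new `--tls-hostname` entry in the usage string of `main` does not say that the name is only sent as SNI and is not checked against the server certificate. The `--tls` entry directly above it warns that nothing is verified, so a reader could mistake the new option for a way to pin the expected certificate name. I would add a line to the entry such as `NOTE: not verified against the certificate`, and mirror it in the README copy of this text. The usage string and `main` both continue outside the hunk.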
@@ -76,7 +79,9 @@ fn client(tcp_target: &str, socket_timeout: u64, args: Args) {
 );
 if tls {
- proxy_client.start_tls(tcp_target.split(":").next().expect("cannot extract hostname from --tcp-target")).expect("error running tls proxy_client");
+ let hostname = args.get_option(&["--tls-hostname"]).or_else(|| tcp_target.split(":").next())
+ .expect("--tls-hostname not set and cannot extract hostname from --tcp-target");
+ proxy_client.start_tls(hostname).expect("error running tls proxy_client");
 } else {
 proxy_client.start().expect("error running proxy_client");
 }
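Review bot: The fallback `tcp_target.split(":").next()` always yields `Some`, so the `.expect("--tls-hostname not set and cannot extract hostname from --tcp-target")` on the new `hostname` binding can never fire. A target such as `:51820` therefore hands an empty name to `start_tls`, and a bracketed IPv6 literal would be cut at its first colon. Filtering the fallback makes the error reachable: `.or_else(|| tcp_target.split(":").next().filter(|h| !h.is_empty()))`. Whether an explicitly empty `--tls-hostname` value is rejected depends on `get_option`, which is not visible here, and the body of `client` starts and ends outside the hunk.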