TLS SNI - add low level support for SNI to the networking code

This commit adds support for setting SNI hostnames in outgoing
connections over TLS.

Most of the changes are related to either adapting the code to accept
an extra argument in *connect() functions or a couple of changes to
the TLS Stream to actually make use of the new SNI hostname
information.
Artem Boldariev
2024-12-17 15:52:18 +02:00
parent 6ce55429f1
commit 6691a1530d
13 changed files with 76 additions and 50 deletions


@@ -213,7 +213,7 @@ connect_send_request(isc_nm_t *mgr, const char *uri, bool post,
}
isc_nm_httpconnect(mgr, NULL, &tcp_listen_addr, uri, post,
connect_send_cb, data, ctx, client_sess_cache,
connect_send_cb, data, ctx, NULL, client_sess_cache,
timeout, get_proxy_type(), NULL);
}
@@ -698,7 +698,7 @@ doh_timeout_recovery(void *arg ISC_ATTR_UNUSED) {
ISC_NM_HTTP_DEFAULT_PATH);
isc_nm_httpconnect(connect_nm, NULL, &tcp_listen_addr, req_url,
atomic_load(&POST), timeout_request_cb, NULL, ctx,
client_sess_cache, T_CONNECT, get_proxy_type(),
NULL, client_sess_cache, T_CONNECT, get_proxy_type(),
NULL);
}
@@ -947,8 +947,8 @@ doh_recv_two(void *arg ISC_ATTR_UNUSED) {
isc_nm_httpconnect(connect_nm, NULL, &tcp_listen_addr, req_url,
atomic_load(&POST), doh_connect_send_two_requests_cb,
NULL, ctx, client_sess_cache, 5000, get_proxy_type(),
NULL);
NULL, ctx, NULL, client_sess_cache, 5000,
get_proxy_type(), NULL);
isc_loop_teardown(mainloop, listen_sock_close, listen_sock);
}
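Review bot: Every call site changed in this commit passes a bare `NULL` for the newly inserted argument (the isc_nm_httpconnect calls here, and likewise the isc_nm_tlsconnect / isc_nm_proxystreamconnect, isc_nm_streamdnsconnect and tlsdns sections below), so the SNI path the commit introduces is never exercised by what appear to be the test harnesses (the ISC_LOOP_TEST_IMPL files). At least one TLS connect test should supply a hostname and verify the handshake still completes, and ideally one should confirm the name is actually sent (or, if the contract is that the peer must present a matching certificate, that a mismatch is rejected). Because the new parameter sits in a run of positional NULLs (`NULL, NULL, NULL, get_proxy_type(), NULL` in the tcpdns section) a reader cannot tell which one is the SNI name; annotating it, e.g. `/* SNI hostname: none */ NULL,`, would make these calls self-explaining. For the plain-TCP streamdns calls the argument can only ever be NULL, so the implementation (outside this page) presumably ought to reject a hostname supplied without a TLS context; that check, if it exists, is not visible here.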


@@ -595,7 +595,7 @@ tcp_connect(isc_nm_t *nm) {
static void
tls_connect(isc_nm_t *nm) {
isc_nm_tlsconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, NULL, tcp_connect_tlsctx,
connect_connect_cb, NULL, tcp_connect_tlsctx, NULL,
tcp_tlsctx_client_sess_cache, T_CONNECT,
stream_use_PROXY, NULL);
}
@@ -631,7 +631,7 @@ proxystream_connect(isc_nm_t *nm) {
isc_nm_proxystreamconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, NULL, T_CONNECT, tlsctx,
sess_cache, get_proxyheader_info());
NULL, sess_cache, get_proxyheader_info());
}
stream_connect_function
@@ -680,10 +680,11 @@ stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout) {
isc_refcount_increment0(&active_cconnects);
if (stream_use_TLS && !stream_PROXY_over_TLS) {
isc_nm_tlsconnect(
connect_nm, &tcp_connect_addr, &tcp_listen_addr, cb,
cbarg, tcp_connect_tlsctx, tcp_tlsctx_client_sess_cache,
timeout, stream_use_PROXY, NULL);
isc_nm_tlsconnect(connect_nm, &tcp_connect_addr,
&tcp_listen_addr, cb, cbarg,
tcp_connect_tlsctx, NULL,
tcp_tlsctx_client_sess_cache, timeout,
stream_use_PROXY, NULL);
return;
} else if (stream_use_PROXY) {
isc_tlsctx_t *tlsctx = stream_PROXY_over_TLS
@@ -694,7 +695,7 @@ stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout) {
: NULL;
isc_nm_proxystreamconnect(connect_nm, &tcp_connect_addr,
&tcp_listen_addr, cb, cbarg, timeout,
tlsctx, sess_cache,
tlsctx, NULL, sess_cache,
get_proxyheader_info());
return;
} else {


@@ -63,7 +63,7 @@ static void
tcpdns_connect(isc_nm_t *nm) {
isc_nm_streamdnsconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, tcpdns_connect, T_CONNECT,
NULL, NULL, get_proxy_type(), NULL);
NULL, NULL, NULL, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tcpdns_noop) {
@@ -73,7 +73,7 @@ ISC_LOOP_TEST_IMPL(tcpdns_noop) {
isc_refcount_increment0(&active_cconnects);
isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_success_cb, tcpdns_connect, T_CONNECT,
NULL, NULL, get_proxy_type(), NULL);
NULL, NULL, NULL, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tcpdns_noresponse) {
@@ -82,7 +82,7 @@ ISC_LOOP_TEST_IMPL(tcpdns_noresponse) {
isc_refcount_increment0(&active_cconnects);
isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, tcpdns_connect, T_CONNECT,
NULL, NULL, get_proxy_type(), NULL);
NULL, NULL, NULL, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tcpdns_timeout_recovery) {


@@ -63,7 +63,7 @@ static void
tlsdns_connect(isc_nm_t *nm) {
isc_nm_streamdnsconnect(
nm, &tcp_connect_addr, &tcp_listen_addr, connect_connect_cb,
tlsdns_connect, T_CONNECT, tcp_connect_tlsctx,
tlsdns_connect, T_CONNECT, tcp_connect_tlsctx, NULL,
tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
}
@@ -74,7 +74,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_noop) {
isc_refcount_increment0(&active_cconnects);
isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_success_cb, tlsdns_connect, T_CONNECT,
tcp_connect_tlsctx,
tcp_connect_tlsctx, NULL,
tcp_tlsctx_client_sess_cache, get_proxy_type(),
NULL);
}
@@ -85,7 +85,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_noresponse) {
isc_refcount_increment0(&active_cconnects);
isc_nm_streamdnsconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, tlsdns_connect, T_CONNECT,
tcp_connect_tlsctx,
tcp_connect_tlsctx, NULL,
tcp_tlsctx_client_sess_cache, get_proxy_type(),
NULL);
}
@@ -109,7 +109,7 @@ ISC_LOOP_TEST_IMPL(tlsdns_timeout_recovery) {
isc_nm_streamdnsconnect(
connect_nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, tlsdns_connect, T_SOFT, tcp_connect_tlsctx,
tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
NULL, tcp_tlsctx_client_sess_cache, get_proxy_type(), NULL);
}
ISC_LOOP_TEST_IMPL(tlsdns_recv_one) {