openziti/tlsuv

Can I avoid DNS resolution on TLS connect?

plajjan opened this issue · 3 comments

It appears tlsuv is explicitly designed so that tlsuv will do name resolution (by calling uv_getaddrinfo). The way I'm using tlsuv, I would like to avoid name resolution and just feed in an IP address as the input. Is this supposed to work?

ekoby commented

This should work; you can pass an IP address in string form.

see sample in the tests: https://github.com/openziti/tlsuv/blob/main/tests/uv_mbed_tests.cpp#L137C3-L137C3

If the hostname can be parsed as an IPv4 or IPv6 address, no DNS resolution is performed. uv_getaddrinfo delegates to the standard library getaddrinfo.

Is this something that does not work for you?
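
The behaviour ekoby describes (an address literal is parsed, a name is looked up) can be checked and forced without reading tlsuv's source. The following is an added example, not tlsuv code and not something posted in this thread: it uses the POSIX getaddrinfo() flag AI_NUMERICHOST, which tells the resolver to parse literals only and fail with EAI_NONAME for anything that would need a lookup, so no DNS query can leave the process. The function names and the sample inputs are my own; how tlsuv itself detects a literal is not shown here.

```c
/* Added example (not tlsuv code): classify and convert a connect target
 * with no DNS traffic at all, via getaddrinfo() + AI_NUMERICHOST.
 * Function names and sample inputs are constructed for this example. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <netdb.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Return AF_INET or AF_INET6 if host is a numeric address literal,
 * or 0 if resolving it would require a DNS (or other NSS) lookup. */
int ip_literal_family(const char *host)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM; /* one entry per address, not one per socktype */
    hints.ai_flags = AI_NUMERICHOST; /* parse only; never query the resolver */
    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return 0;
    int family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* Build a sockaddr for an already-resolved address plus a port, again with
 * no lookup: AI_NUMERICSERV also forbids an /etc/services lookup for the
 * port string. Returns 0 on success, otherwise the getaddrinfo error code. */
int literal_to_sockaddr(const char *host, uint16_t port,
                        struct sockaddr_storage *out, socklen_t *out_len)
{
    char service[6];
    snprintf(service, sizeof service, "%u", (unsigned)port);
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    int rc = getaddrinfo(host, service, &hints, &res);
    if (rc != 0)
        return rc;
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *out_len = res->ai_addrlen;
    freeaddrinfo(res);
    return 0;
}

/* Port stored in a sockaddr built above, in host byte order (0 for an unknown family). */
uint16_t sockaddr_port(const struct sockaddr_storage *ss)
{
    if (ss->ss_family == AF_INET)
        return ntohs(((const struct sockaddr_in *)ss)->sin_port);
    if (ss->ss_family == AF_INET6)
        return ntohs(((const struct sockaddr_in6 *)ss)->sin6_port);
    return 0;
}

/* Convenience round trip: the port read back from the built sockaddr,
 * or -1 when host is not a literal (i.e. a lookup would have been needed). */
int literal_roundtrip_port(const char *host, uint16_t port)
{
    struct sockaddr_storage ss;
    socklen_t len = 0;
    if (literal_to_sockaddr(host, port, &ss, &len) != 0)
        return -1;
    return (int)sockaddr_port(&ss);
}

int main(void)
{
    /* Constructed sample inputs: two documentation-range literals and one name. */
    const char *inputs[] = { "192.0.2.10", "2001:db8::1", "example.com" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int fam = ip_literal_family(inputs[i]);
        printf("%-12s -> %s\n", inputs[i],
               fam == AF_INET  ? "IPv4 literal, no DNS" :
               fam == AF_INET6 ? "IPv6 literal, no DNS" :
                                 "would need a DNS lookup");
    }
    return 0;
}
```

Because libuv's uv_getaddrinfo() takes the same struct addrinfo hints, passing AI_NUMERICHOST there gives the same fail-closed behaviour: a hostname that slipped into the "already resolved" path produces an error instead of a silent lookup. Note the separate point plajjan raises below this comment: if the literal is also the name the TLS layer verifies against, hostname verification matches it against iPAddress subjectAltName entries, so a certificate issued only for the DNS name will be rejected. This example covers the connect-address side only.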

plajjan commented

Ah right. That probably works for some use cases. I still want tlsuv to do tls cert verification based on the name. It's just that I am doing DNS resolution elsewhere so I already have the IP addresses resolved and want to use that to set up the tcp connection.

I need a way to provide the IP address to connect to and a separate argument for the host for tls cert verification. I did see a connect_addr function in the header file but I don't think it's actually implemented!?

ekoby commented

OK, that makes sense. I'll see when I can slot this in