Update readme

ReadMe.md

@@ -544,8 +544,8 @@ https://github.com/pymumu/smartdns/releases
 |参数|  功能  |默认值|配置值|例子|
 |--|--|--|--|--|
 |server-name|DNS服务器名称|操作系统主机名/smartdns|符合主机名规格的字符串|server-name smartdns
-|bind|DNS监听端口号|[::]:53|IP:PORT|bind 192.168.1.1:53
+|bind|DNS监听端口号|[::]:53|可绑定多个端口<br>`IP:PORT`: 服务器IP，端口号。<br>`[-group]`: 请求时使用的DNS服务器组。<br>`[-no-rule-addr]`：跳过address规则。<br>`[-no-rule-nameserver]`：跳过Nameserver规则。<br>`[-no-rule-ipset]`：跳过Ipset规则。<br>`[no-rule-soa]`：跳过SOA(#)规则.<br>`[no-dualstack-selection]`：停用双栈测速。<br>`[-no-speed-check]`：停用测速。<br>`[-no-cache]`：停止缓存|bind :53
-|bind-tcp|TCP模式DNS监听端口号|[::]:53|IP:PORT|bind-tcp 192.168.1.1:53
+|bind|TCP DNS监听端口号|[::]:53|可绑定多个端口<br>`IP:PORT`: 服务器IP，端口号。<br>`[-group]`: 请求时使用的DNS服务器组。<br>`[-no-rule-addr]`：跳过address规则。<br>`[-no-rule-nameserver]`：跳过Nameserver规则。<br>`[-no-rule-ipset]`：跳过Ipset规则。<br>`[no-rule-soa]`：跳过SOA(#)规则.<br>`[no-dualstack-selection]`：停用双栈测速。<br>`[-no-speed-check]`：停用测速。<br>`[-no-cache]`：停止缓存|bind-tcp :53
 |cache-size|域名结果缓存个数|512|数字|cache-size 512
 |tcp-idle-time|TCP链接空闲超时时间|120|数字|tcp-idle-time 120
 |rr-ttl|域名结果TTL|远程查询结果|大于0的数字|rr-ttl 600
@@ -562,8 +562,9 @@ https://github.com/pymumu/smartdns/releases
 |conf-file|附加配置文件|无|文件路径|conf-file /etc/smartdns/smartdns.more.conf
 |server|上游UDP DNS|无|可重复<br>`[ip][:port]`：服务器IP，端口可选。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server 8.8.8.8:53 -blacklist-ip -group g1
 |server-tcp|上游TCP DNS|无|可重复<br>`[ip][:port]`：服务器IP，端口可选。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-tcp 8.8.8.8:53
-|server-tls|上游TLS DNS|无|可重复<br>`[ip][:port]`：服务器IP，端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值，base64编码的sha256 SPKI pin值<br>`[-host-name]`：TLS SNI名称。<br>`[-tls-host-check]`: TLS证书主机名校验。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-tls 8.8.8.8:853
+|server-tls|上游TLS DNS|无|可重复<br>`[ip][:port]`：服务器IP，端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值，base64编码的sha256 SPKI pin值<br>`[-host-name]`：TLS SNI名称。<br>`[-tls-host-verify]`: TLS证书主机名校验。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-tls 8.8.8.8:853
-|server-https|上游HTTPS DNS|无|可重复<br>`https://[host][:port]/path`：服务器IP，端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值，base64编码的sha256 SPKI pin值<br>`[-host-name]`：TLS SNI名称<br>`[-http-host]`：http协议头主机名。<br>`[-tls-host-check]`: TLS证书主机名校验。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-https https://cloudflare-dns.com/dns-query
+|server-https|上游HTTPS DNS|无|可重复<br>`https://[host][:port]/path`：服务器IP，端口可选。<br>`[-spki-pin [sha256-pin]]`: TLS合法性校验SPKI值，base64编码的sha256 SPKI pin值<br>`[-host-name]`：TLS SNI名称<br>`[-http-host]`：http协议头主机名。<br>`[-tls-host-verify]`: TLS证书主机名校验。<br>`[-blacklist-ip]`：blacklist-ip参数指定使用blacklist-ip配置IP过滤结果。<br>`[-whitelist-ip]`：whitelist-ip参数指定仅接受whitelist-ip中配置IP范围。<br>`[-group [group] ...]`：DNS服务器所属组，比如office, foreign，和nameserver配套使用。<br>`[-exclude-default-group]`：将DNS服务器从默认组中排除| server-https https://cloudflare-dns.com/dns-query
+|speed-check-mode|测速模式选择|无|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:80
 |address|指定域名IP地址|无|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6] <br>`-`表示忽略 <br>`#`表示返回SOA <br>`4`表示IPV4 <br>`6`表示IPV6| address /www.example.com/1.2.3.4
 |nameserver|指定域名使用server组解析|无|nameserver /domain/[group\|-], `group`为组名，`-`表示忽略此规则，配套server中的`-group`参数使用| nameserver /www.example.com/office
 |ipset|域名IPSET|None|ipset /domain/[ipset\|-], `-`表示忽略|ipset /www.example.com/pass

ReadMe_en.md

@@ -194,7 +194,7 @@ Download the matching version of the SmartDNS installation package. The correspo
 * **Please download from the Release page: [Download here](https://github.com/pymu/smartdns/releases)**
 
 ```shell
-https://github.com/pymu/smartdns/releases
+https://github.com/pymumu/smartdns/releases
 ```
 
 * For the installation procedure, please refer to the following sections.
@@ -539,8 +539,8 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |parameter|Parameter function|Default value|Value type|Example|
 |--|--|--|--|--|
 |server-name|DNS name|host name/smartdns|any string like hosname|server-name smartdns
-|bind|DNS bind port|[::]:53|IP:PORT|bind 192.168.1.1:53
+|bind|DNS listening port number|[::]:53|Support binding multiple ports<br>`IP:PORT`: server IP, port number. <br>`[-group]`: The DNS server group used when requesting. <br>`[-no-rule-addr]`: Skip the address rule. <br>`[-no-rule-nameserver]`: Skip the Nameserver rule. <br>`[-no-rule-ipset]`: Skip the Ipset rule. <br>`[-no-rule-soa]`: Skip address SOA(#) rules.<br>`[-no-dualstack-selection]`: Disable dualstack ip selection.<br>`[-no-speed-check]`: Disable speed measurement. <br>`[-no-cache]`: stop caching |bind :53
-|bind-tcp|TCP mode DNS bind port|[::]:53|IP:PORT|bind-tcp 192.168.1.1:53
+|bind-tcp|TCP mode DNS listening port number|[::]:53|Support binding multiple ports<br>`IP:PORT`: server IP, port number. <br>`[-group]`: The DNS server group used when requesting. <br>`[-no-rule-addr]`: Skip the address rule. <br>`[-no-rule-nameserver]`: Skip the Nameserver rule. <br>`[-no-rule-ipset]`: Skip the Ipset rule. <br>`[-no-rule-soa]`: Skip address SOA(#) rules.<br>`[-no-dualstack-selection]`: Disable dualstack ip selection.<br>`[-no-speed-check]`: Disable speed measurement. <br>`[-no-cache]`: stop caching |bind-tcp :53
 |cache-size|Domain name result cache number|512|integer|cache-size 512
 |tcp-idle-time|TCP connection idle timeout|120|integer|tcp-idle-time 120
 |rr-ttl|Domain name TTL|Remote query result|number greater than 0|rr-ttl 600
@@ -557,8 +557,9 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf
 |server|Upstream UDP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server 8.8.8.8:53 -blacklist-ip
 |server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tcp 8.8.8.8:53
-|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. <br>`[-tls-host-check]`: TLS cert hostname to verify.<br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
+|server-tls|Upstream TLS DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name. <br>`[-tls-host-verify]`: TLS cert hostname to verify.<br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-tls 8.8.8.8:853
-|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`：http header host. <br>`[-tls-host-check]`: TLS cert hostname to verify.<br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
+|server-https|Upstream HTTPS DNS server|None|Repeatable <br>`https://[host][:port]/path`: Server IP, port optional. <br>`[-spki-pin [sha256-pin]]`: TLS verify SPKI value, a base64 encoded SHA256 hash<br>`[-host-name]`:TLS Server name<br>`[-http-host]`：http header host. <br>`[-tls-host-verify]`: TLS cert hostname to verify.<br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group| server-https https://cloudflare-dns.com/dns-query
+|speed-check-mode|Speed ​​mode|None|[ping\|tcp:[80]\|none]|speed-check-mode ping,tcp:443
 |address|Domain IP address|None|address /domain/[ip\|-\|-4\|-6\|#\|#4\|#6], `-` for ignore, `#` for return SOA, `4` for IPV4, `6` for IPV6| address /www.example.com/1.2.3.4
 |nameserver|To query domain with specific server group|None|nameserver /domain/[group\|-], `group` is the group name, `-` means ignore this rule, use the `-group` parameter in the related server|nameserver /www.example.com/office
 |ipset|Domain IPSet|None|ipset /domain/[ipset\|-], `-` for ignore|ipset /www.example.com/pass

etc/smartdns/smartdns.conf

@@ -10,9 +10,9 @@
 
 # dns server bind ip and port, default dns server port is 53, support binding multi ip and port
 # bind udp server
-#   bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache]
+#   bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
 # bind tcp server
-#   bind-tcp [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache]
+#   bind-tcp [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
 # option:
 #   -group: set domain request to use the appropriate server group.
 #   -no-rule-addr: skip address rule.
@@ -20,6 +20,8 @@
 #   -no-rule-ipset: skip ipset rule.
 #   -no-speed-check: do not check speed.
 #   -no-cache: skip cache.
+#   -no-rule-soa: Skip address SOA(#) rules.
+#   -no-dualstack-selection: Disable dualstack ip selection.
 # example: 
 #  IPV4: 
 #    bind :53

package/luci/files/luci/model/cbi/smartdns/upstream.lua

@@ -39,8 +39,8 @@ o:value("https", translate("https"))
 o.default     = "udp"
 o.rempty      = false
 
----- TLS host check
+---- TLS host verify
-o = s:option(Value, "tls_host_check", translate("TLS Hostname Verify"), translate("Set TLS hostname to verify"))
+o = s:option(Value, "tls_host_verify", translate("TLS Hostname Verify"), translate("Set TLS hostname to verify"))
 o.default     = ""
 o.datatype    = "string"
 o.rempty      = true

package/openwrt/files/etc/init.d/smartdns

@@ -160,7 +160,7 @@ load_server()
 	config_get "port" "$section" "port" ""
 	config_get "type" "$section" "type" "udp"
 	config_get "ip" "$section" "ip" ""
-	config_get "tls_host_check" "$section" "tls_host_check" ""
+	config_get "tls_host_verify" "$section" "tls_host_verify" ""
 	config_get "host_name" "$section" "host_name" ""
 	config_get "http_host" "$section" "http_host" ""
 	config_get "server_group" "$section" "server_group" ""
@@ -192,8 +192,8 @@ load_server()
 		fi
 	fi
 
-	if [ ! -z "$tls_host_check" ]; then
+	if [ ! -z "$tls_host_verify" ]; then
-		ADDITIONAL_ARGS="$ADDITIONAL_ARGS -tls-host-check $tls_host_check"
+		ADDITIONAL_ARGS="$ADDITIONAL_ARGS -tls-host-verify $tls_host_verify"
 	fi
 
 	if [ ! -z "$host_name" ]; then

src/dns_client.c

@@ -624,20 +624,20 @@ int dns_client_spki_decode(const char *spki, unsigned char *spki_data_out)
 	return spki_data_len;
 }
 
-static char *_dns_client_server_get_tls_host_check(struct dns_server_info *server_info)
+static char *_dns_client_server_get_tls_host_verify(struct dns_server_info *server_info)
 {
-	char *tls_host_check = NULL;
+	char *tls_host_verify = NULL;
 
 	switch (server_info->type) {
 	case DNS_SERVER_UDP: {
 	} break;
 	case DNS_SERVER_HTTPS: {
 		struct client_dns_server_flag_https *flag_https = &server_info->flags.https;
-		tls_host_check = flag_https->tls_host_check;
+		tls_host_verify = flag_https->tls_host_verify;
 	} break;
 	case DNS_SERVER_TLS: {
 		struct client_dns_server_flag_tls *flag_tls = &server_info->flags.tls;
-		tls_host_check = flag_tls->tls_host_check;
+		tls_host_verify = flag_tls->tls_host_verify;
 	} break;
 	case DNS_SERVER_TCP:
 		break;
@@ -646,13 +646,13 @@ static char *_dns_client_server_get_tls_host_check(struct dns_server_info *serve
 		break;
 	}
 
-	if (tls_host_check) {
+	if (tls_host_verify) {
-		if (tls_host_check[0] == '\0') {
+		if (tls_host_verify[0] == '\0') {
 			return NULL;
 		}
 	}
 
-	return tls_host_check;
+	return tls_host_verify;
 }
 
 static char *_dns_client_server_get_spki(struct dns_server_info *server_info, int *spki_len)
@@ -691,7 +691,6 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
 {
 	struct dns_server_info *server_info = NULL;
 	struct addrinfo *gai = NULL;
-	unsigned char *spki_data = NULL;
 	int spki_data_len = 0;
 	int ttl = 0;
 	char port_s[8];
@@ -825,10 +824,6 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
 
 	return 0;
 errout:
-	if (spki_data) {
-		free(spki_data);
-	}
-
 	if (server_info) {
 		if (server_info->ssl_ctx) {
 			SSL_CTX_free(server_info->ssl_ctx);
@@ -1948,7 +1943,7 @@ static int _dns_client_tls_verify(struct dns_server_info *server_info)
 	unsigned char *key_sha256 = NULL;
 	char *spki = NULL;
 	int spki_len = 0;
-	char *tls_host_check = NULL;
+	char *tls_host_verify = NULL;
 
 	cert = SSL_get_peer_certificate(server_info->ssl);
 	if (cert == NULL) {
@@ -1960,10 +1955,10 @@ static int _dns_client_tls_verify(struct dns_server_info *server_info)
 	tlog(TLOG_DEBUG, "peer CN: %s", peer_CN);
 
 	/* check tls host */
-	tls_host_check = _dns_client_server_get_tls_host_check(server_info);
+	tls_host_verify = _dns_client_server_get_tls_host_verify(server_info);
-	if (tls_host_check) {
+	if (tls_host_verify) {
-		if (_dns_client_tls_matchName(peer_CN, tls_host_check, strnlen(tls_host_check, DNS_MAX_CNAME_LEN)) != 0) {
+		if (_dns_client_tls_matchName(peer_CN, tls_host_verify, strnlen(tls_host_verify, DNS_MAX_CNAME_LEN)) != 0) {
-			tlog(TLOG_INFO, "server %s CN is invalid, peer CN: %s, expect CN: %s", server_info->ip, peer_CN, tls_host_check);
+			tlog(TLOG_INFO, "server %s CN is invalid, peer CN: %s, expect CN: %s", server_info->ip, peer_CN, tls_host_verify);
 			goto errout;
 		}
 	}

src/dns_client.h

@@ -50,7 +50,7 @@ struct client_dns_server_flag_tls {
 	char spki[DNS_SERVER_SPKI_LEN];
 	int spi_len;
 	char hostname[DNS_MAX_CNAME_LEN];
-	char tls_host_check[DNS_MAX_CNAME_LEN];
+	char tls_host_verify[DNS_MAX_CNAME_LEN];
 };
 
 struct client_dns_server_flag_https {
@@ -59,7 +59,7 @@ struct client_dns_server_flag_https {
 	char hostname[DNS_MAX_CNAME_LEN];
 	char httphost[DNS_MAX_CNAME_LEN];
 	char path[DNS_MAX_CNAME_LEN];
-	char tls_host_check[DNS_MAX_CNAME_LEN];
+	char tls_host_verify[DNS_MAX_CNAME_LEN];
 };
 
 struct client_dns_server_flags {

src/dns_conf.c

@@ -181,7 +181,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 		{"spki-pin", required_argument, NULL, 'p'}, /* check SPKI pin */
 		{"host-name", required_argument, NULL, 'h'}, /* host name */
 		{"http-host", required_argument, NULL, 'H'}, /* http host */
-		{"tls-host-check", required_argument, NULL, 'V' }, /* check tls hostname */
+		{"tls-host-verify", required_argument, NULL, 'V' }, /* verify tls hostname */
 		{"group", required_argument, NULL, 'g'}, /* add to group */
 		{"exclude-default-group", no_argument, NULL, 'E'}, /* ecluse this from default group */
 		{NULL, no_argument, NULL, 0}
@@ -202,7 +202,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 	server->path[0] = '\0';
 	server->hostname[0] = '\0';
 	server->httphost[0] = '\0';
-	server->tls_host_check[0] = '\0';
+	server->tls_host_verify[0] = '\0';
 
 	ip = argv[1];
 
@@ -272,7 +272,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 			break;
 		}
 		case 'V': {
-			safe_strncpy(server->tls_host_check, optarg, DNS_MAX_CNAME_LEN);
+			safe_strncpy(server->tls_host_verify, optarg, DNS_MAX_CNAME_LEN);
 			break;
 		}
 		default:

src/dns_conf.h

@@ -128,7 +128,7 @@ struct dns_servers {
 	char spki[DNS_MAX_SPKI_LEN];
 	char hostname[DNS_MAX_CNAME_LEN];
 	char httphost[DNS_MAX_CNAME_LEN];
-	char tls_host_check[DNS_MAX_CNAME_LEN];
+	char tls_host_verify[DNS_MAX_CNAME_LEN];
 	char path[DNS_MAX_URL_LEN];
 };
 

src/smartdns.c

@@ -157,13 +157,13 @@ static int _smartdns_add_servers(void)
 			safe_strncpy(flag_http->hostname, dns_conf_servers[i].hostname, sizeof(flag_http->hostname));
 			safe_strncpy(flag_http->path, dns_conf_servers[i].path, sizeof(flag_http->path));
 			safe_strncpy(flag_http->httphost, dns_conf_servers[i].httphost, sizeof(flag_http->httphost));
-			safe_strncpy(flag_http->tls_host_check, dns_conf_servers[i].tls_host_check, sizeof(flag_http->tls_host_check));
+			safe_strncpy(flag_http->tls_host_verify, dns_conf_servers[i].tls_host_verify, sizeof(flag_http->tls_host_verify));
 		} break;
 		case DNS_SERVER_TLS: {
 			struct client_dns_server_flag_tls *flag_tls = &flags.tls;
 			flag_tls->spi_len = dns_client_spki_decode(dns_conf_servers[i].spki, (unsigned char *)flag_tls->spki);
 			safe_strncpy(flag_tls->hostname, dns_conf_servers[i].hostname, sizeof(flag_tls->hostname));
-			safe_strncpy(flag_tls->tls_host_check, dns_conf_servers[i].tls_host_check, sizeof(flag_tls->tls_host_check));
+			safe_strncpy(flag_tls->tls_host_verify, dns_conf_servers[i].tls_host_verify, sizeof(flag_tls->tls_host_verify));
 		} break;
 		case DNS_SERVER_TCP:
 			break;