From 74a0ff06f4b5d8a29c6b45dee8da703797f1da66 Mon Sep 17 00:00:00 2001
From: David Fifield
Date: Sun, 2 Jan 2022 16:16:46 -0700
Subject: [PATCH] Omit SNI in uTLS connections when it would contain an IP address.

Important for us as we are likely to connect to servers like 1.1.1.1 and 8.8.8.8.
---
 dnstt-client/utls.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/dnstt-client/utls.go b/dnstt-client/utls.go
index 546f3a9..7a6af56 100644
--- a/dnstt-client/utls.go
+++ b/dnstt-client/utls.go
@@ -71,6 +71,15 @@ func utlsDialContext(ctx context.Context, network, addr string, config *utls.Con
 return nil, err
 }
 uconn := utls.UClient(conn, config, *id)
+ // Manually remove the SNI if it contains an IP address.
+ // https://github.com/refraction-networking/utls/issues/96
+ if net.ParseIP(config.ServerName) != nil {
+ err := uconn.RemoveSNIExtension()
+ if err != nil {
+ uconn.Close()
+ return nil, err
+ }
+ }
 // We must call Handshake before returning, or else the UConn may not
 // actually use the selected ClientHelloID. It depends on whether a Read
 // or a Write happens first. If a Read happens first, the connection
-- 
2.11.4.GIT
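Review bot: The `net.ParseIP(config.ServerName)` test only recognizes a bare IP literal, so a bracketed or zone-qualified IPv6 form (constructed examples: `[2001:db8::1]`, `fe80::1%eth0`) would not match and would still be placed in the SNI. How ServerName is populated is outside this hunk, so the assumption should be stated next to the check, e.g. `// config.ServerName must be a bare host: no brackets, port, or zone.` The failure branch returns the RemoveSNIExtension error without context; wrapping it, `return nil, fmt.Errorf("removing SNI extension: %w", err)` (if fmt is already imported in this file), would let a caller tell it apart from a dial or handshake error. If RemoveSNIExtension can fail for some ClientHelloIDs, connections to IP-addressed resolvers would fail outright for those fingerprints, which deserves a comment as well. utlsDialContext begins before the hunk and continues after it.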