From 8c3ef95adf33efedc8fd338a6307015b898a273b Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Wed, 17 Jun 2026 11:50:35 +0200
Subject: [PATCH] dns-httpsrr-lookup: use origin, not peer

Origin is the correct peer for lookup of HTTPS-RR records.

Closes #22059
---
 lib/vtls/openssl.c | 2 +-
 lib/vtls/rustls.c  | 2 +-
 lib/vtls/wolfssl.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index eb6839cfba..4689d7a2fc 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3502,7 +3502,7 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx,
   }
   else {
     const struct Curl_https_rrinfo *rinfo =
-      Curl_conn_dns_get_https(data, cf->sockindex, peer->peer);
+      Curl_conn_dns_get_https(data, cf->sockindex, peer->origin);
 
     if(rinfo && rinfo->echconfiglist) {
       const unsigned char *ecl = rinfo->echconfiglist;
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 5183844a6f..950f170212 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -983,7 +983,7 @@ init_config_builder_ech(struct Curl_easy *data,
   else {
     const struct ssl_connect_data *connssl = cf->ctx;
     const struct Curl_https_rrinfo *rinfo =
-      Curl_conn_dns_get_https(data, cf->sockindex, connssl->peer.peer);
+      Curl_conn_dns_get_https(data, cf->sockindex, connssl->peer.origin);
 
     if(!rinfo || !rinfo->echconfiglist) {
       failf(data, "rustls: ECH requested but no ECHConfig available");
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index c55490eb83..92eaa7a751 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -1248,7 +1248,7 @@ static CURLcode wssl_init_ech(struct wssl_ctx *wctx,
   }
   else {
     const struct Curl_https_rrinfo *rinfo =
-      Curl_conn_dns_get_https(data, cf->sockindex, peer->peer);
+      Curl_conn_dns_get_https(data, cf->sockindex, peer->origin);
 
     if(rinfo && rinfo->echconfiglist) {
       const unsigned char *ecl = rinfo->echconfiglist;