The DNS filter knows the peer it resolves and the code parts that want
the results know the peer as well. Pass it to lookup methods to make
sure results match.
Background: when tunneling, the resolved peer is not always the one that
other filters are looking for. Especially when HTTPS-RR results are
accessed in TLS filters, those will differ.
This prevents a HTTPS-RR for a proxy to be used for the origin when ECH
is activated. To make ECH work through a tunnel, we need to start an
additional resolve. Something to be fixed after 8.21.
Closes#22042
The old CMake bug about exporting -lpthread instead of Threads::Threads
no longer matches current master. As of 2d546d239e
("cmake: use Threads::Threads imported target for POSIX Threads"),
the build now uses Threads::Threads and the generated CMake package
config resolves the dependency explicitly, so this KNOWN_BUGS entry is stale.
Closes#21734
The entry is about GnuTLS not sending the client cert when it doesn't
match the `DN` the server requested. OpenSSL does the opposite.
The issue was already fixed by #4958 and removed from KNOWN_BUGS,
but it was added back to the list by #16677, seemingly by mistake.
The issue is still fixed for GnuTLS >= 3.5.0.
As curl only supports GnuTLS >= 3.6.5, remove the bug entry from
KNOWN_BUGS.md
Fixes#21720Closes#21722
