From b11ace4832d2318235cdb1f836bb3677f6e52a20 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Sat, 12 Aug 2023 15:10:36 +0300
Subject: [PATCH] Lowercase domain names

---
 tls/dial.go    |  1 +
 tls/tolower.go | 28 ++++++++++++++++++++++++++++
 version.go     |  2 +-
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 tls/tolower.go

diff --git a/tls/dial.go b/tls/dial.go
index 2f1c8b6..172e3fc 100644
--- a/tls/dial.go
+++ b/tls/dial.go
@@ -33,6 +33,7 @@ var sessionCache = tls.NewLRUClientSessionCache(1024)
 
 func DialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
 	host, _, _ := SplitHostPort(addr)
+	host = toLowerCaseASCII(host)
 	ccg := ClientCertificateGetter{host: host}
 	cfg := tls.Config{
 		VerifyPeerCertificate: func(
diff --git a/tls/tolower.go b/tls/tolower.go
new file mode 100644
index 0000000..321441e
--- /dev/null
+++ b/tls/tolower.go
@@ -0,0 +1,28 @@
+package tofuproxy
+
+import "unicode/utf8"
+
+// Copy-pasted from crypto/x509, as it is not public.
+func toLowerCaseASCII(in string) string {
+	isAlreadyLowerCase := true
+	for _, c := range in {
+		if c == utf8.RuneError {
+			isAlreadyLowerCase = false
+			break
+		}
+		if 'A' <= c && c <= 'Z' {
+			isAlreadyLowerCase = false
+			break
+		}
+	}
+	if isAlreadyLowerCase {
+		return in
+	}
+	out := []byte(in)
+	for i, c := range out {
+		if 'A' <= c && c <= 'Z' {
+			out[i] += 'a' - 'A'
+		}
+	}
+	return string(out)
+}
diff --git a/version.go b/version.go
index a36c72a..732fa04 100644
--- a/version.go
+++ b/version.go
@@ -1,3 +1,3 @@
 package tofuproxy
 
-const Version = "0.3.0"
+const Version = "0.4.0"
-- 
2.44.0