Diffstat (limited to 'services/outside_network.h')
-rw-r--r--services/outside_network.h9
1 files changed, 8 insertions, 1 deletions
diff --git a/services/outside_network.h b/services/outside_network.h
index 09b2e6cedff62..105f7651363ff 100644
--- a/services/outside_network.h
+++ b/services/outside_network.h
@@ -290,6 +290,8 @@ struct waiting_tcp {
void* cb_arg;
/** if it uses ssl upstream */
int ssl_upstream;
+ /** ref to the tls_auth_name from the serviced_query */
+ char* tls_auth_name;
};
/**
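Review bot: The `tls_auth_name` field added to `struct waiting_tcp` is described as a reference into the serviced_query, but the comment does not say who owns the string or how long the pointer stays valid. If a waiting_tcp entry can stay queued after its serviced_query is deleted (not visible in this header), the TLS setup would read freed memory when picking the name to verify against the certificate. I would either copy the string or spell out the contract, e.g. `/** ref to the tls_auth_name from the serviced_query; not owned, not freed here, must not outlive that query */`. The same ownership question applies to the field added to `struct serviced_query` in the next hunk, which does not say whether the string is copied or borrowed from the caller.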
@@ -332,6 +334,9 @@ struct serviced_query {
int nocaps;
/** tcp upstream used, use tcp, or ssl_upstream for SSL */
int tcp_upstream, ssl_upstream;
+ /** the name of the tls authentication name, eg. 'ns.example.com'
+ * or NULL */
+ char* tls_auth_name;
/** where to send it */
struct sockaddr_storage addr;
/** length of addr field in use. */
@@ -484,6 +489,8 @@ void pending_delete(struct outside_network* outnet, struct pending* p);
* @param nocaps: ignore use_caps_for_id and use unperturbed qname.
* @param tcp_upstream: use TCP for upstream queries.
* @param ssl_upstream: use SSL for upstream queries.
+ * @param tls_auth_name: when ssl_upstream is true, use this name to check
+ * the server's peer certificate.
* @param addr: to which server to send the query.
* @param addrlen: length of addr.
* @param zone: name of the zone of the delegation point. wireformat dname.
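Review bot: The new `@param tls_auth_name` text does not say what happens when `ssl_upstream` is set and the name is NULL, which the struct comment explicitly allows. Presumably the peer certificate name is then not checked, which would leave the upstream connection encrypted but unauthenticated; the implementation is outside this header, so that should be confirmed. The doc should state it, e.g. `If NULL, the server name is not verified against the certificate.` It would also help to say whether the function copies the string or keeps the caller's pointer.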
@@ -501,7 +508,7 @@ void pending_delete(struct outside_network* outnet, struct pending* p);
*/
struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec,
- int nocaps, int tcp_upstream, int ssl_upstream,
+ int nocaps, int tcp_upstream, int ssl_upstream, char* tls_auth_name,
struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
size_t zonelen, struct module_qstate* qstate,
comm_point_callback_type* callback, void* callback_arg,
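Review bot: The added parameter is declared `char* tls_auth_name`, although its documented use is only to read the name for the certificate check. `const char* tls_auth_name` would signal that `outnet_serviced_query` does not modify the string and would accept read-only configuration strings without a cast. Whether that compiles cleanly depends on how the value is stored, since `struct serviced_query` keeps a non-const `char*`. The declaration continues past the end of this hunk.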