stubby: add support for tls_port resolver config option (#8889)

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>

3 files changed, 14 insertions, 0 deletions

diff --git a/net/stubby/files/README.md b/net/stubby/files/README.md
index 800e9545e..1a1f2a2a3 100644
--- a/net/stubby/files/README.md
+++ b/net/stubby/files/README.md
@@ -385,6 +385,11 @@ IPv6 address.
 This option specifies the upstream domain name used for TLS authentication with
 the supplied server certificate
 
+#### `option tls_port`
+
+This option specifies the TLS port for the upstream resolver. If not specified,
+this defaults to 853.
+
 #### `list spki`
 
 This list specifies the SPKI pinset which is verified against the keys in the
diff --git a/net/stubby/files/stubby.conf b/net/stubby/files/stubby.conf
index a02936da1..69240772b 100644
--- a/net/stubby/files/stubby.conf
+++ b/net/stubby/files/stubby.conf
@@ -24,19 +24,23 @@ config stubby 'global'
 config resolver
        option address '2606:4700:4700::1111'
        option tls_auth_name 'cloudflare-dns.com'
+       # option tls_port 853
        # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
 
 config resolver
        option address '2606:4700:4700::1001'
        option tls_auth_name 'cloudflare-dns.com'
+       # option tls_port 853
        # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
 
 config resolver
        option address '1.1.1.1'
        option tls_auth_name 'cloudflare-dns.com'
+       # option tls_port 853
        # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
 
 config resolver
        option address '1.0.0.1'
        option tls_auth_name 'cloudflare-dns.com'
+       # option tls_port 853
        # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
diff --git a/net/stubby/files/stubby.init b/net/stubby/files/stubby.init
index ff2f0ef3e..3bd2e6564 100755
--- a/net/stubby/files/stubby.init
+++ b/net/stubby/files/stubby.init
@@ -122,6 +122,7 @@ generate_config()
         local config=$1
         local address
         local tls_auth_name
+        local tls_port
         local tls_pubkey_pinset_section=0
 
         if [ "$upstream_recursive_servers_section" = 0 ]; then
@@ -130,8 +131,12 @@ generate_config()
         fi
         config_get address "$config" address
         config_get tls_auth_name "$config" tls_auth_name
+        config_get tls_auth_port "$config" tls_port ""
         echo "  - address_data: $address" >> "$config_file"
         echo "    tls_auth_name: \"$tls_auth_name\"" >> "$config_file"
+        if [ -n "$tls_port" ]; then
+            echo "    tls_port: $tls_port"  >> "$config_file"
+        fi
 
         handle_resolver_spki()
         {