Ensure that there is no "hidden" DNS lookup in secure socket code

sdk/lib/io/secure_socket.dart

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.io;
 
 /**
  * A high-level class for communicating securely over a TCP socket, using
  * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an
  * [IOSink] interface, making it ideal for using together with
@@ skipping 39 matching lines @@
 
   /**
    * Takes an already connected [socket] and starts client side TLS
    * handshake to make the communication secure. When the returned
    * future completes the [SecureSocket] has completed the TLS
    * handshake. Using this function requires that the other end of the
    * connection is prepared for TLS handshake.
    *
    * If the [socket] already has a subscription, this subscription
    * will no longer receive and events. In most cases calling
-   * [:pause:] on this subscription before starting TLS handshake is
+   * `pause` on this subscription before starting TLS handshake is
    * the right thing to do.
    *
    * If the [host] argument is passed it will be used as the host name
    * for the TLS handshake. If [host] is not passed the host name from
    * the [socket] will be used. The [host] can be either a [String] or
    * an [InternetAddress].
    *
+   * Calling this function will _not_ cause a DNS host lookup. If the
+   * [host] passed is a [String] the [InternetAddress] for the
+   * resulting [SecureSocket] will have the passed in [host] as its
+   * host value and the internet address of the already connected
+   * socket as its address value.
+   *
    * See [connect] for more information on the arguments.
    *
    */
   static Future<SecureSocket> secure(
       Socket socket,
       {host,
        bool sendClientCertificate: false,
        String certificateName,
        bool onBadCertificate(X509Certificate certificate)}) {
     var completer = new Completer();
@@ skipping 161 matching lines @@
   /**
    * Takes an already connected [socket] and starts client side TLS
    * handshake to make the communication secure. When the returned
    * future completes the [RawSecureSocket] has completed the TLS
    * handshake. Using this function requires that the other end of the
    * connection is prepared for TLS handshake.
    *
    * If the [socket] already has a subscription, pass the existing
    * subscription in the [subscription] parameter. The secure socket
    * will take over the subscription and process any subsequent
-   * events.
+   * events. In most cases calling `pause` on this subscription before
+   * starting TLS handshake is the right thing to do.
+   *
+   * If the [host] argument is passed it will be used as the host name
+   * for the TLS handshake. If [host] is not passed the host name from
+   * the [socket] will be used. The [host] can be either a [String] or
+   * an [InternetAddress].
+   *
+   * Calling this function will _not_ cause a DNS host lookup. If the
+   * [host] passed is a [String] the [InternetAddress] for the
+   * resulting [SecureSocket] will have this passed in [host] as its
+   * host value and the internet address of the already connected
+   * socket as its address value.
    *
    * See [connect] for more information on the arguments.
    *
    */
   static Future<RawSecureSocket> secure(
       RawSocket socket,
       {StreamSubscription subscription,
        host,
        bool sendClientCertificate: false,
        String certificateName,
@@ skipping 131 matching lines @@
       {bool is_server,
        RawSocket socket,
        StreamSubscription subscription,
        List<int> bufferedData,
        bool requestClientCertificate: false,
        bool requireClientCertificate: false,
        bool sendClientCertificate: false,
        bool onBadCertificate(X509Certificate certificate)}) {
     var future;
     if (host is String) {
-      future = InternetAddress.lookup(host).then((addrs) => addrs.first);
+      if (socket != null) {
+        future = new Future.value(
+            (socket.address as dynamic)._cloneWithNewHost(host));
+      } else {
+        future = InternetAddress.lookup(host).then((addrs) => addrs.first);
+      }
     } else {
       future = new Future.value(host);
     }
     return future.then((addr) {
      return new _RawSecureSocket(addr,
                                  requestedPort,
                                  certificateName,
                                  is_server,
                                  socket,
                                  subscription,
@@ skipping 51 matching lines @@
         _socketSubscription = _socket.listen(_eventDispatcher,
                                              onError: _errorHandler,
                                              onDone: _doneHandler);
       } else {
         _socketSubscription.onData(_eventDispatcher);
         _socketSubscription.onError(_errorHandler);
         _socketSubscription.onDone(_doneHandler);
       }
       _connectPending = true;
       _secureFilter.connect(address.host,
+                            (address as dynamic)._sockaddr_storage,
                             port,
                             is_server,
                             certificateName,
                             requestClientCertificate ||
                                 requireClientCertificate,
                             requireClientCertificate,
                             sendClientCertificate);
       _status = HANDSHAKE;
       _secureHandshake();
     })
@@ skipping 474 matching lines @@
   List data;  // This will be a ExternalByteArray, backed by C allocated data.
   int start;
   int length;
 }
 
 
 abstract class _SecureFilter {
   external factory _SecureFilter();
 
   void connect(String hostName,
+               Uint8List addr,
                int port,
                bool is_server,
                String certificateName,
                bool requestClientCertificate,
                bool requireClientCertificate,
                bool sendClientCertificate);
   void destroy();
   void handshake();
   void init();
   X509Certificate get peerCertificate;
   int processBuffer(int bufferIndex);
   void registerBadCertificateCallback(Function callback);
   void registerHandshakeCompleteCallback(Function handshakeCompleteHandler);
 
   List<_ExternalBuffer> get buffers;
 }