I feel like this is a new flag, there's not much about it online.
The man page explains it, but it doesn't make a lot of sense to me. I found a command that uses it as a DNS resolver, i.e.:
curl host1 --connect-to host1:443:load-balancer-underneath
I wanted to validate the command, but I don't see much other than the man pages.
For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead
So, why not just connect to host2 directly?
This option is suitable to direct requests at a specific server, e.g. at a specific cluster node in a cluster of servers.
So, once again, why not just ping the cluster node directly? I can see how it's trying to suggest "hit host1 but then forward the request to host2" but it's still not clear what exactly is going on.
This option is only used to establish the network connection. It does NOT affect the hostname/port that is used for TLS/SSL (e.g. SNI, certificate verification) or for the application protocols.
For HTTPS, aren't network connections established through TLS/SSL?
For example, for debugging purposes. You could run an alternative server, maybe on localhost, and redirect requests to it without having to change the original request/code.
SSL/TLS is an application-level protocol, not a transport. The TCP connection has to be established first, then the SSL/TLS handshake is transmitted over that connection. This option affects where the TCP connection is connected to; it does not affect the hostname specified in the SSL/TLS handshake, or in the HTTP Host header, etc.
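The separation described in this answer, as an added example that is not part of the original post: a sketch of how a HOST1:PORT1:HOST2:PORT2 rule changes only the TCP destination while the server still sees the original name in the Host header. The names `apply_connect_to`, `fetch`, `demo` and `EchoHost` are hypothetical, `host1.invalid` is a constructed name that never resolves, and the sketch uses plain HTTP on localhost, so the TLS/SNI side is not exercised.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def apply_connect_to(host, port, rule):
    """Map a request's (host, port) to the address the TCP socket should dial.
    rule is HOST1:PORT1:HOST2:PORT2. Assumptions of this sketch: empty or
    missing fields mean "match any" / "keep original"; no bracketed IPv6."""
    parts = rule.split(":")
    h1, p1, h2, p2 = parts + [""] * (4 - len(parts))
    if (h1 and h1.lower() != host.lower()) or (p1 and int(p1) != port):
        return host, port  # rule does not apply to this request
    return h2 or host, int(p2) if p2 else port

class EchoHost(BaseHTTPRequestHandler):
    """Test server: replies with the Host header it received."""
    def do_GET(self):
        body = self.headers.get("Host", "").encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the demo quiet

def fetch(host, port, rule):
    # Only the socket destination is rewritten; the request still names `host`.
    target = apply_connect_to(host, port, rule)
    with socket.create_connection(target, timeout=5) as s:
        s.sendall(f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\n"
                  "Connection: close\r\n\r\n".encode())
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return target, data.rsplit(b"\r\n\r\n", 1)[1].decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), EchoHost)  # ephemeral local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        # host1.invalid is never resolved: the rule supplies the real address.
        return port, fetch("host1.invalid", 80,
                           f"host1.invalid:80:127.0.0.1:{port}")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

When validating a command that uses this flag, the rule's HOST2 is the machine that actually receives the traffic, and HOST1 is the name that machine is asked to serve.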