From 396f003c698998d7248b0613741cccd30987c9c4 Mon Sep 17 00:00:00 2001
From: Julian Brost <julian.brost@icinga.com>
Date: Fri, 13 Aug 2021 09:28:57 +0200
Subject: [PATCH] Enable hostname verification in UnbufferedAsioTlsStream

---
 lib/base/tlsstream.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/base/tlsstream.cpp b/lib/base/tlsstream.cpp
index b72a88030..db54c919e 100644
--- a/lib/base/tlsstream.cpp
+++ b/lib/base/tlsstream.cpp
@@ -37,6 +37,10 @@ void UnbufferedAsioTlsStream::BeforeHandshake(handshake_type type)
 {
 	namespace ssl = boost::asio::ssl;
 
+	if (!m_Hostname.IsEmpty()) {
+		X509_VERIFY_PARAM_set1_host(SSL_get0_param(native_handle()), m_Hostname.CStr(), m_Hostname.GetLength());
+	}
+
 	set_verify_mode(ssl::verify_peer | ssl::verify_client_once);
 
 	set_verify_callback([this](bool preverified, ssl::verify_context& ctx) {