3 files changed, 8 insertions, 3 deletions

diff --git a/src/OSSupport/Network.h b/src/OSSupport/Network.h
index 32163b710..32c7ecdd0 100644
--- a/src/OSSupport/Network.h
+++ b/src/OSSupport/Network.h
@@ -113,7 +113,8 @@ public:
 	Returns empty string on success, non-empty error description on failure. */
 	virtual AString StartTLSClient(
 		cX509CertPtr a_OwnCert,
-		cCryptoKeyPtr a_OwnPrivKey
+		cCryptoKeyPtr a_OwnPrivKey,
+		const std::string_view hostname
 	) = 0;
 
 	/** Starts a TLS handshake as a server connection.
diff --git a/src/OSSupport/TCPLinkImpl.cpp b/src/OSSupport/TCPLinkImpl.cpp
index c93a1879d..86fa24a63 100644
--- a/src/OSSupport/TCPLinkImpl.cpp
+++ b/src/OSSupport/TCPLinkImpl.cpp
@@ -237,7 +237,8 @@ void cTCPLinkImpl::Close(void)
 
 AString cTCPLinkImpl::StartTLSClient(
 	cX509CertPtr a_OwnCert,
-	cCryptoKeyPtr a_OwnPrivKey
+	cCryptoKeyPtr a_OwnPrivKey,
+	const std::string_view hostname
 )
 {
 	// Check preconditions:
@@ -263,6 +264,8 @@ AString cTCPLinkImpl::StartTLSClient(
 		m_TlsContext->Initialize(true);
 	}
 
+	m_TlsContext->SetExpectedPeerName(hostname);
+
 	m_TlsContext->SetSelf(cLinkTlsContextWPtr(m_TlsContext));
 
 	// Start the handshake:
diff --git a/src/OSSupport/TCPLinkImpl.h b/src/OSSupport/TCPLinkImpl.h
index 4b8c6f308..d26b1e358 100644
--- a/src/OSSupport/TCPLinkImpl.h
+++ b/src/OSSupport/TCPLinkImpl.h
@@ -68,7 +68,8 @@ public:
 	virtual void Close(void) override;
 	virtual AString StartTLSClient(
 		cX509CertPtr a_OwnCert,
-		cCryptoKeyPtr a_OwnPrivKey
+		cCryptoKeyPtr a_OwnPrivKey,
+		const std::string_view hostname
 	) override;
 	virtual AString StartTLSServer(
 		cX509CertPtr a_OwnCert,