From c2e0344110c01eef33697c9611c5689e8eee0691 Mon Sep 17 00:00:00 2001
From: Mattes D
Date: Tue, 9 May 2023 11:29:35 +0200
Subject: cTCPLink: Use the original connection hostname for SNI.
---
 src/mbedTLS++/SslContext.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/mbedTLS++/SslContext.h')
diff --git a/src/mbedTLS++/SslContext.h b/src/mbedTLS++/SslContext.h
index 6343f7e43..b4b184403 100644
--- a/src/mbedTLS++/SslContext.h
+++ b/src/mbedTLS++/SslContext.h
@@ -51,7 +51,9 @@ public:
 /** Returns true if the object has been initialized properly. */
 bool IsValid(void) const { return m_IsValid; }

- /** Sets the SSL peer name expected for this context. Must be called after Initialize().
+ /** Sets the SSL peer name expected for this context.
+ This is used both for TLS SNI and for certificate validation.
+ Must be called after Initialize().
 \param a_ExpectedPeerName CommonName that we expect the SSL peer to have in its cert,
 if it is different, the verification will fail. An empty string will disable the CN check. */
 void SetExpectedPeerName(const std::string_view a_ExpectedPeerName);
--
cgit v1.2.3
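Review bot: The `\param` text under the three new comment lines still describes only the CommonName check, so it no longer matches the opening sentence: it does not say what an empty string does to SNI, and it presents disabling the check as a neutral option. Only the declaration is visible here (the class starts and ends outside the hunk), so the behaviour is inferred from the comment. If an empty name really skips hostname verification, the peer would then be accepted with any certificate that passes the remaining chain checks, regardless of which host it was issued for, and the comment should say so. Suggested wording: `\param a_ExpectedPeerName Hostname sent as SNI and matched against the peer certificate; verification fails on mismatch.` followed by `An empty string disables the hostname check (and presumably SNI); use it only when the peer is authenticated by other means.`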