From 6a828b33e5416864bfbfd2390e2efb4c6d9f5124 Mon Sep 17 00:00:00 2001
From: Bart van Strien
Date: Fri, 5 Jun 2015 16:49:11 +0200
Subject: [PATCH] Make https request fail if hostname does not match
---
 src/https.lua | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/https.lua b/src/https.lua
index 182877e..e44ed13 100644
--- a/src/https.lua
+++ b/src/https.lua
@@ -68,6 +68,14 @@ local function reg(conn)
 end
 end

+-- Check host name
+local function checkhostname(sock, hostname)
+ if not sock:checkhostname(hostname) then
+ return nil, "hostname does not match certificate"
+ end
+ return true
+end
+
 -- Return a function which performs the SSL/TLS connection.
 local function tcp(params)
 params = params or {}
@@ -90,6 +98,7 @@ local function tcp(params)
 try(self.sock:connect(host, port))
 self.sock = try(ssl.wrap(self.sock, params))
 try(self.sock:dohandshake())
+ try(checkhostname(self.sock, host))
 reg(self, getmetatable(self.sock))
 return 1
 end
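Review bot: The comment `-- Check host name` on the new helper states neither its return contract nor the limits of the check. The body returns `true` on a match and `nil, "hostname does not match certificate"` otherwise, which is the shape `try()` is given in the second hunk, so I would document it as `-- Returns true when the peer certificate matches hostname, otherwise nil and an error message; compares the name only.` The "name only" clause is inferred from the single `sock:checkhostname(hostname)` call and should be confirmed against the binding. Naming the expected host in the error, e.g. `"hostname does not match certificate: " .. tostring(hostname)`, would also make failures easier to triage.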
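Review bot: The added `try(checkhostname(self.sock, host))` after `dohandshake()` authenticates the peer only if the handshake also validated the certificate chain, because a matching name on an untrusted certificate proves nothing. `params` reaches `ssl.wrap` as supplied, and the defaults are set outside this hunk, so the effective `verify` mode is not visible here. If it can be `"none"`, callers get a "hostname matched" result that a self-signed certificate with the right name would also satisfy. I would add a comment above the call, `-- Name check is only meaningful when params.verify requests peer verification`, and consider failing the connect with a clear error when verification is disabled. The enclosing connect function and the rest of `tcp()` start and end outside the hunk.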