From b6c02b13e3ce706dff6f96f754ef1682d9062258 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 30 Jul 2024 09:18:31 +0200
Subject: [PATCH] Include host in TLS setup

This enabled SNI, and allows it to check the certificate for the correct
host.
---
 websockify/websocket.py        | 3 ++-
 websockify/websockifyserver.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/websockify/websocket.py b/websockify/websocket.py
index ab7982f9..ee7dc834 100644
--- a/websockify/websocket.py
+++ b/websockify/websocket.py
@@ -140,7 +140,8 @@ def connect(self, uri, origin=None, protocols=[]):
 
             if uri.scheme in ("wss", "https"):
                 context = ssl.create_default_context()
-                self.socket = context.wrap_socket(self.socket)
+                self.socket = context.wrap_socket(self.socket,
+                                                  server_hostname=uri.hostname)
                 self._state = "ssl_handshake"
             else:
                 self._state = "headers"
diff --git a/websockify/websockifyserver.py b/websockify/websockifyserver.py
index 727851de..94e63bd9 100644
--- a/websockify/websockifyserver.py
+++ b/websockify/websockifyserver.py
@@ -471,7 +471,7 @@ def socket(host, port=None, connect=False, prefer_ipv6=False,
                 sock.connect(addrs[0][4])
                 if use_ssl:
                     context = ssl.create_default_context()
-                    sock = context.wrap_socket(sock)
+                    sock = context.wrap_socket(sock, server_hostname=host)
             else:
                 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                 sock.bind(addrs[0][4])