diff --git a/CMakeLists.txt b/CMakeLists.txt
index 780972c7..9d2079aa 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -943,6 +943,7 @@ endforeach()
 set (temp ${CMAKE_REQUIRED_LIBRARIES})
 set(CMAKE_REQUIRED_LIBRARIES ${LIB_LIST})
 CHECK_FUNCTION_EXISTS(SSL_CTX_set1_param LWS_HAVE_SSL_CTX_set1_param)
+CHECK_FUNCTION_EXISTS(X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host)
 set(CMAKE_REQUIRED_LIBRARIES ${temp})
 # Generate the lws_config.h that includes all the public compilation settings.
 configure_file(
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 74569136..b71b78d8 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -221,6 +221,7 @@ static inline int compatible_close(int fd) { return close(fd); }
 #ifdef LWS_HAVE_OPENSSL_ECDH_H
 #include <openssl/ecdh.h>
 #endif
+#include <openssl/x509v3.h>
 #endif /* not USE_MBEDTLS */
 #endif /* not USE_POLARSSL */
 #endif /* not USE_WOLFSSL */
diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index c5a144b0..79e947fe 100644
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
@@ -38,11 +38,24 @@ lws_ssl_client_bio_create(struct lws *wsi)
 #if defined(LWS_USE_MBEDTLS)
 #else
 	struct lws_context *context = wsi->context;
-#if defined(CYASSL_SNI_HOST_NAME) || defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
 	const char *hostname = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST);
-#endif
+	X509_VERIFY_PARAM *param;
+
+	(void)hostname;
+	(void)param;
 
 	wsi->ssl = SSL_new(wsi->vhost->ssl_client_ctx);
+
+#if defined LWS_HAVE_X509_VERIFY_PARAM_set1_host
+	param = SSL_get0_param(wsi->ssl);
+	/* Enable automatic hostname checks */
+	X509_VERIFY_PARAM_set_hostflags(param,
+					X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+	X509_VERIFY_PARAM_set1_host(param, hostname, 0);
+	/* Configure a non-zero callback if desired */
+	SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, 0);
+#endif
+
 #ifndef USE_WOLFSSL
 	SSL_set_mode(wsi->ssl,  SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 #endif
diff --git a/lws_config.h.in b/lws_config.h.in
index 9e61d6f1..0e929b90 100644
--- a/lws_config.h.in
+++ b/lws_config.h.in
@@ -82,6 +82,7 @@
 /* SSL server using ECDH certificate */
 #cmakedefine LWS_SSL_SERVER_WITH_ECDH_CERT
 #cmakedefine LWS_HAVE_SSL_CTX_set1_param
+#cmakedefine LWS_HAVE_X509_VERIFY_PARAM_set1_host
 
 /* CGI apis */
 #cmakedefine LWS_WITH_CGI