Index: common.c
===================================================================
--- common.c (revision 251550)
+++ common.c (working copy)
@@ -322,7 +322,7 @@
 * Enable SSL on a connection.
 */
 int
-fetch_ssl(conn_t *conn, int verbose)
+fetch_ssl(conn_t *conn, int verbose, char *hostname)
 {
 #ifdef WITH_SSL
 int ret, ssl_err;
@@ -345,6 +345,14 @@
 return (-1);
 }
 SSL_set_fd(conn->ssl, conn->sd);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ if (!SSL_set_tlsext_host_name(conn->ssl, hostname)) {
+ fprintf(stderr, "TLS server name indication extension failed for host %s\n", hostname);
+ return (-1);
+ }
+#endif
+
 while ((ret = SSL_connect(conn->ssl)) == -1) {
 ssl_err = SSL_get_error(conn->ssl, ret);
 if (ssl_err != SSL_ERROR_WANT_READ &&
Index: common.h
===================================================================
--- common.h (revision 251550)
+++ common.h (working copy)
@@ -87,7 +87,7 @@
 conn_t *fetch_connect(const char *, int, int, int);
 conn_t *fetch_reopen(int);
 conn_t *fetch_ref(conn_t *);
-int fetch_ssl(conn_t *, int);
+int fetch_ssl(conn_t *, int, char *);
 ssize_t fetch_read(conn_t *, char *, size_t);
 int fetch_getln(conn_t *);
 ssize_t fetch_write(conn_t *, const char *, size_t);
Index: http.c
===================================================================
--- http.c (revision 251550)
+++ http.c (working copy)
@@ -1408,7 +1408,7 @@
 http_get_reply(conn);
 }
 if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 &&
- fetch_ssl(conn, verbose) == -1) {
+ fetch_ssl(conn, verbose, URL->host) == -1) {
 fetch_close(conn);
 /* grrr */
 errno = EAUTH;
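Review bot: In the new `fetch_ssl()` signature in common.c (hunk at -322), `hostname` is declared `char *` although the added code only reads it, passing it to `SSL_set_tlsext_host_name()` and `fprintf()`. Declaring it `const char *hostname` states that contract and lets callers pass constant strings. The prototype in the common.h hunk needs the matching change, `int fetch_ssl(conn_t *, int, const char *);`. The parameter is used only inside the `#if OPENSSL_VERSION_NUMBER ... !defined(OPENSSL_NO_TLSEXT)` block of the next hunk, so builds where that block compiles out may warn about an unused parameter. The function body continues outside this hunk, so check how the non-SSL branch treats its arguments.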
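Review bot: In the common.c hunk at -345, `hostname` is used only to fill the SNI extension before `SSL_connect()`, and nothing visible here ties the peer certificate to that name. SNI tells the server which certificate to present; it does not authenticate the server. A comment above the `#if` would stop readers mistaking this for a verification step, for example `/* SNI only selects the certificate the server presents; it does not verify it. */`. The rest of `fetch_ssl()` lies outside the hunk, so if certificate and hostname verification are not configured there, this same `hostname` is the value such a check would need.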
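Review bot: At the http.c call site (hunk at -1408), `URL->host` is passed as the SNI name without checking that it is a DNS name. RFC 6066 does not permit literal IPv4 or IPv6 addresses in the server_name extension. Whether `URL->host` can hold an address literal is not visible here, since the enclosing function starts and ends outside the hunk. If it can, `fetch_ssl()` should skip the `SSL_set_tlsext_host_name()` call for such values, for instance by testing the string with `inet_pton()` for `AF_INET` and `AF_INET6` first. As written, a failure of that call aborts the connection.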