From 2d273a03ca085ce1df58505cf01d45765c1a6ba5 Mon Sep 17 00:00:00 2001
From: Brian Wellington
Date: Mon, 30 Sep 2019 12:39:18 -0700
Subject: [PATCH] Add server_hostname to dns.query.tls()
---
 dns/query.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/dns/query.py b/dns/query.py
index 8eeadbb6..65149762 100644
--- a/dns/query.py
+++ b/dns/query.py
@@ -517,7 +517,7 @@ def tcp(q, where, timeout=None, port=53, af=None, source=None, source_port=0,
 def tls(q, where, timeout=None, port=853, af=None, source=None, source_port=0,
 one_rr_per_rrset=False, ignore_trailing=False,
- ssl_context=None):
+ ssl_context=None, server_hostname=None):
 """Return the response obtained after sending a query via TLS.
 *q*, a ``dns.message.Message``, the query to send
@@ -551,6 +551,10 @@ def tls(q, where, timeout=None, port=853, af=None, source=None, source_port=0,
 a TLS connection. If ``None``, the default, creates one with the default configuration.
+ *server_hostname*, a ``text`` containing the server's hostname. The
+ default is ``None``, which means that no hostname is known, and if an
+ SSL context is created, hostname checking will be disabled.
+
 Returns a ``dns.message.Message``.
 """
@@ -569,7 +573,10 @@ def tls(q, where, timeout=None, port=853, af=None, source=None, source_port=0,
 _connect(s, destination, expiration)
 if ssl_context is None:
 ssl_context = ssl.create_default_context()
- s = ssl_context.wrap_socket(s, do_handshake_on_connect=False)
+ if server_hostname is None:
+ ssl_context.check_hostname = False
+ s = ssl_context.wrap_socket(s, do_handshake_on_connect=False,
+ server_hostname=server_hostname)
 while True:
 try:
 s.do_handshake()
--
2.47.3
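Review bot: With the default `server_hostname=None`, the last hunk sets `ssl_context.check_hostname = False` on the context it creates, so `tls()` still validates the certificate chain but accepts a certificate issued for any name; callers who do not pass the new argument get an encrypted but unauthenticated channel to the resolver. The docstring paragraph added in the second hunk should say this outright, e.g. `If None, the certificate is not matched against any name; pass the resolver's hostname to authenticate the server.`, and the assignment deserves a comment such as `# no name to match: chain is validated, peer identity is not`. Indentation is lost on this page, so I am assuming from the docstring wording that the `if server_hostname is None:` branch sits inside `if ssl_context is None:` and never touches a caller-supplied context. In that case a caller-supplied context with `check_hostname` enabled and no `server_hostname` makes `wrap_socket` raise `ValueError`, which is worth documenting too. The body of `tls()` starts and ends outside these hunks.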