diff --git a/src/internal.c b/src/internal.c
index 677f7b05b..16820fadc 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9054,7 +9054,16 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
 use_cb = 1;
 }
 #endif
+#if defined(OPENSSL_EXTRA)
+ /* perform domain name check on the peer certificate */
+ if (args->dCertInit && args->dCert && args->dCert->subjectCN \
+ && ssl->param && ssl->param->hostName[0]) {
+ if(XSTRSTR(args->dCert->subjectCN, ssl->param->hostName) == NULL) {
+ return VERIFY_CERT_ERROR;
+ }
+ }
+#endif
 /* if verify callback has been set */
 if (use_cb && ssl->verifyCallback) {
 #ifdef WOLFSSL_SMALL_STACK
diff --git a/src/ssl.c b/src/ssl.c
index efbd78e2e..782a81e94 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16672,6 +16672,9 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
 *
 * RETURNS:
 * The beginning of the hash digest. Otherwise, returns zero.
+* Note:
+* Returns a different hash value from OpenSSL's X509_subject_name_hash() API
+* depending on the subject name.
 */
 unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
 {
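Review bot: The new hostname check in DoVerifyCallback uses XSTRSTR, so any subjectCN that merely contains ssl->param->hostName as a substring is accepted — a CN of `notexample.com` or `example.com.other` satisfies the check for host `example.com`, and the comparison is case-sensitive although DNS names are not. It also inspects only subjectCN and never the subjectAltName dNSName entries, so a certificate that carries the host only in its SAN (the common case) is rejected, while a CN match is accepted even when a SAN is present and RFC 6125 says the CN should then be ignored. I would replace the XSTRSTR test with the library's existing wildcard-aware full-name matcher (MatchDomainName) applied to the SAN dNSName entries first and to the CN only as a fallback; the trailing `\` on the `if` line is also unnecessary inside parentheses. Returning VERIFY_CERT_ERROR at this point skips the user verify callback that follows, which presumably differs from how other verification errors in this function are surfaced to the callback — worth confirming that this is intended. DoVerifyCallback starts and ends outside the hunk.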
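Review bot: The added Note on wolfSSL_X509_subject_name_hash does not tell a caller what differs or what to do about it; `depending on the subject name` reads as if the result is sometimes equal to OpenSSL's and sometimes not, without saying when. I would state the consequence instead: `Note: the returned value is not guaranteed to match OpenSSL's X509_subject_name_hash() for the same certificate; do not compare hash values across implementations.` If the difference has a specific cause, naming it would let the behaviour be checked. The function body continues outside the hunk.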
@@ -19738,21 +19741,31 @@ void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx,
 * RETURNS:
 *
 */
-void wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
+int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
 const char* name, unsigned int nameSz)
 {
 if (pParam == NULL)
- return;
+ return WOLFSSL_FAILURE;
 XMEMSET(pParam->hostName, 0, WOLFSSL_HOST_NAME_MAX);
+ /* If name is NUL-terminated, namelen can be set to zero. */
+ if(name && (nameSz == 0))
+ nameSz = XSTRLEN(name);
- if (nameSz > WOLFSSL_HOST_NAME_MAX)
- nameSz = WOLFSSL_HOST_NAME_MAX;
+ if (nameSz > 0 && name[nameSz - 1] == '\0')
+ nameSz--;
+
+ if (nameSz > WOLFSSL_HOST_NAME_MAX-1)
+ nameSz = WOLFSSL_HOST_NAME_MAX-1;
 if (nameSz > 0)
 XMEMCPY(pParam->hostName, name, nameSz);
- pParam->hostName[WOLFSSL_HOST_NAME_MAX-1] = '\0';
+
+ pParam->hostName[nameSz] = '\0';
+
+ return WOLFSSL_SUCCESS;
+
 }
 /******************************************************************************
 * wolfSSL_get0_param - return a pointer to the SSL verification parameters
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 06259ef98..710b6942b 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1018,7 +1018,7 @@ WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
 WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
 unsigned long flags, time_t t);
-WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
 const char* name, unsigned int nameSz);
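Review bot: `if (nameSz > 0 && name[nameSz - 1] == '\0')` dereferences name without a NULL check; the new guard just above it only covers the nameSz == 0 case, so a call such as `wolfSSL_X509_VERIFY_PARAM_set1_host(p, NULL, 5)` reads through a null pointer there and again in the XMEMCPY. Add `if (name == NULL) nameSz = 0;` before the XSTRLEN branch (or return WOLFSSL_FAILURE) so that a NULL name only clears the stored host. Silently clamping nameSz to WOLFSSL_HOST_NAME_MAX-1 stores a truncated hostname that later takes part in peer-name verification; rejecting the input instead, `if (nameSz > WOLFSSL_HOST_NAME_MAX-1) return WOLFSSL_FAILURE;`, avoids ever matching against a prefix of the caller's name. `nameSz = XSTRLEN(name)` also narrows size_t to unsigned int, and the RETURNS section of the header comment above is still empty even though the function now returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE; please document both values there.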