From f1b3b685c57f27979fc1363de8098b5973073d68 Mon Sep 17 00:00:00 2001
From: Roger Light <roger@atchoo.org>
Date: Sat, 7 Dec 2013 23:20:08 +0000
Subject: [PATCH] Fix TLS subjectAltName verification.

---
 src/paho/mqtt/client.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/paho/mqtt/client.py b/src/paho/mqtt/client.py
index f3fd15d..1a72c79 100755
--- a/src/paho/mqtt/client.py
+++ b/src/paho/mqtt/client.py
@@ -2008,7 +2008,11 @@ class Client:
             for ((key,value),) in san:
                 if key == 'DNS':
                     have_san_dns = True
-                    if value == self._host:
+                    if value.lower() == self._host.lower():
+                        return
+                if key == 'IP Address':
+                    have_san_dns = True
+                    if value.lower() == self._host.lower():
                         return
 
             if have_san_dns:
@@ -2018,7 +2022,7 @@ class Client:
         if subject:
             for ((key,value),) in subject:
                 if key == 'commonName':
-                    if value == self._host:
+                    if value.lower() == self._host.lower():
                         return
 
         raise ssl.SSLError('Certificate subject does not match remote hostname.')
-- 
2.39.5