From bf7c004356cd621cebff61c7aa1ed22e6f1e2e74 Mon Sep 17 00:00:00 2001
From: creiche <creiche@gmail.com>
Date: Thu, 4 Mar 2021 10:49:39 -0500
Subject: [PATCH] enable SNI on oidc-provider

---
 packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts b/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts
index d926caf405e22..4ad18aed4f17d 100644
--- a/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts
+++ b/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts
@@ -28,7 +28,7 @@ async function downloadThumbprint(issuerUrl: string) {
     if (!purl.host) {
       return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`));
     }
-    const socket = tls.connect(port, purl.host, { rejectUnauthorized: false });
+    const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host });
     socket.once('error', ko);
     socket.once('secureConnect', () => {
       const cert = socket.getPeerCertificate();