--- a/main/tcptls.c 2015-02-14 17:52:59.430619547 +0100
+++ b/main/tcptls.c 2015-02-14 18:08:28.632079666 +0100
@@ -628,6 +628,7 @@
 ASN1_STRING *str;
 unsigned char *str2;
 X509_NAME *name = X509_get_subject_name(peer);
+ STACK_OF(GENERAL_NAME) *alt_names;
 int pos = -1;
 int found = 0;
 
@@ -657,6 +658,42 @@
 break;
 }
 }
+
+ if (!found) {
+ alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL);
+
+ if (alt_names != NULL) {
+ int alt_names_count = sk_GENERAL_NAME_num(alt_names);
+ for (pos = 0; pos < alt_names_count; pos++) {
+ const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos);
+
+ if (alt_name->type != GEN_DNS)
+ continue;
+
+ ret = ASN1_STRING_to_UTF8(&str2, alt_name->d.dNSName);
+ if (ret < 0) {
+ continue;
+ }
+
+ if (str2) {
+ if (strlen((char *) str2) != ret) {
+ ast_log(LOG_WARNING, "Invalid certificate alt name length (contains NULL bytes?)\n");
+ } else if (!strcasecmp(tcptls_session->parent->hostname, (char *) str2)) {
+ found = 1;
+ }
+ ast_debug(3, "SSL Alt Name compare s1='%s' s2='%s'\n", tcptls_session->parent->hostname, str2);
+ OPENSSL_free(str2);
+ }
+
+ if (found) {
+ break;
+ }
+ }
+
+ sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
+ }
+ }
+
 if (!found) {
 ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname);
 X509_free(peer);
--- a/include/asterisk/tcptls.h 2014-06-13 07:06:02.000000000 +0200
+++ b/include/asterisk/tcptls.h 2015-02-14 18:14:32.696715830 +0100
@@ -65,6 +65,7 @@
 #ifdef DO_SSL
 #include
 #include
+#include
 #else
 /* declare dummy types so we can define a pointer to them */
 typedef struct {} SSL;
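Review bot: In the second main/tcptls.c hunk the subjectAltName pass is guarded by `if (!found)`, so it appears to run only after the common-name comparison has failed; a certificate whose CN matches the configured hostname would then be accepted without its dNSName entries being consulted, whereas RFC 6125 asks verifiers to ignore the CN once DNS alt names are present. The CN loop itself starts outside the hunk, so this ordering is inferred from the guard and the context lines. Consider walking the alt names first and falling back to the CN only when no `GEN_DNS` entry was seen, or, where the linked OpenSSL provides it, replacing both passes with `X509_check_host(peer, tcptls_session->parent->hostname, 0, 0, NULL) == 1`, which also handles wildcard names. Two smaller points in the same hunk: `strlen((char *) str2) != ret` compares `size_t` with `int` and reads better as `!= (size_t) ret` after the `ret < 0` check, and the unchanged closing message "Certificate common name did not match" no longer describes everything that was tried.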