fixup! apps/cmp.c: fix use of SSL_set_tlsext_host_name() for SNI and X509_VERIFY_PARAM_set1_host()

apps/cmp.c

@@ -528,7 +528,7 @@ const OPTIONS cmp_options[] = {
      "Trusted certificates to use for verifying the TLS server certificate;"},
     {OPT_MORE_STR, 0, 0, "this implies hostname validation"},
     {"tls_host", OPT_TLS_HOST, 's',
-     "Address to be used for SNI and to be checked during TLS hostname validation"},
+     "Name (or address) to use in SNI and verify in the TLS server certificate"},
 #endif
 
     OPT_SECTION("Client-side debugging"),

doc/man1/openssl-cmp.pod.in

@@ -115,7 +115,7 @@ TLS connection options:
 [B<-tls_keypass> I<arg>]
 [B<-tls_extra> I<filenames>|I<uris>]
 [B<-tls_trusted> I<filenames>|I<uris>]
-[B<-tls_host> I<address>]
+[B<-tls_host> I<host>]
 
 Client-side debugging options:
 
@@ -1030,11 +1030,11 @@ The certificate verification options
 B<-verify_hostname>, B<-verify_ip>, and B<-verify_email>
 have no effect on the certificate verification enabled via this option.
 
-=item B<-tls_host> I<address>
+=item B<-tls_host> I<host>
 
-Address to be used for Server Name Indication (SNI) according to RFC 3546 section 3.1
-and to be checked during TLS hostname validation.
-This may be a DNS name (for SNI, only this is used) or an IPv4 or IPv6 address.
+Hostname or IP address to be checked in the TLS server certificate.
+Usually, this is a DNS name, which is then also used for
+Server Name Indication (SNI) according to RFC 3546 section 3.1.
 If not given it defaults to the host part of the B<-server> option URL argument.
 
 =back