diff --git a/documentation/connection-options.md b/documentation/connection-options.md
index 5b1c2e26..bd014deb 100644
--- a/documentation/connection-options.md
+++ b/documentation/connection-options.md
@@ -173,6 +173,7 @@ JSON object:
 |option|description|type|default|
 |---:|---|:---:|:---:|
+|**servername**| A string with the host name to use with SNI if different to host | *string*|
 |**checkServerIdentity**| `function(servername, cert)` to replace SNI default function| *Function*|
 |**minDHSize**| Minimum size of the DH parameter in bits to accept a TLS connection | *number*|1024|
 |**pfx**| Optional PFX or PKCS12 encoded private key and certificate chain. Encrypted PFX will be decrypted with `passphrase` if provided| *string / string[] / Buffer / Buffer[] / *Object[]*|
diff --git a/lib/cmd/handshake/authentication.js b/lib/cmd/handshake/authentication.js
index da94506c..0fee29c3 100644
--- a/lib/cmd/handshake/authentication.js
+++ b/lib/cmd/handshake/authentication.js
@@ -97,7 +97,7 @@ class Authentication extends Command {
 }
 return this.throwNewError('self-signed certificate', true, info, '08000', Errors.ER_SELF_SIGNED);
 } else if (info.requireIdentifyCheck) {
- const identityError = tls.checkServerIdentity(opts.host, info.tlsCert);
+ const identityError = tls.checkServerIdentity(typeof opts.ssl === 'object' && opts.ssl.servername ? opts.ssl.servername : opts.host, info.tlsCert);
 if (identityError) {
 return this.throwNewError(
 'certificate identify Error: ' + identityError.message,
diff --git a/lib/connection.js b/lib/connection.js
index 11464333..2d1a2594 100644
--- a/lib/connection.js
+++ b/lib/connection.js
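Review bot: The new call always uses Node's default `tls.checkServerIdentity`, so when the caller supplied their own `checkServerIdentity` in `opts.ssl` — which, per the connection.js hunk below, now appears to be exactly the case in which `info.requireIdentifyCheck` is true — the custom verifier is overruled by the default one, and a custom function written to accept a name that the default rejects can never succeed. Delegate to the caller's function when present and hoist the long ternary into a named constant: `const servername = typeof opts.ssl === 'object' && opts.ssl.servername ? opts.ssl.servername : opts.host;`, `const check = typeof opts.ssl === 'object' && opts.ssl.checkServerIdentity ? opts.ssl.checkServerIdentity : tls.checkServerIdentity;`, `const identityError = check(servername, info.tlsCert);`. In the complementary case (`ssl` is an object with no custom function) the connector no longer performs an identity check of its own while `baseConf` still passes `rejectUnauthorized: false` to `tls.connect`, so hostname validation then depends on Node surfacing the mismatch through `authorizationError`; a test connecting with a CA-trusted certificate issued for a different name would confirm that path is still rejected. The enclosing method starts and ends outside the hunk.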
@@ -1339,14 +1339,13 @@ class Connection extends EventEmitter {
 this.opts.ssl === true ||
 this.opts.ssl.rejectUnauthorized === undefined ||
 this.opts.ssl.rejectUnauthorized === true;
- info.requireIdentifyCheck = this.opts.ssl === true || this.opts.ssl.checkServerIdentity === undefined;
+ info.requireIdentifyCheck = this.opts.ssl === true || this.opts.ssl.checkServerIdentity !== undefined;
 const baseConf = {
 servername: this.opts.host,
 socket: this.socket,
 rejectUnauthorized: false,
- checkServerIdentity: () => {}
 };
- const sslOption = this.opts.ssl === true ? baseConf : Object.assign({}, this.opts.ssl, baseConf);
+ const sslOption = this.opts.ssl === true ? baseConf : Object.assign({}, baseConf, this.opts.ssl);
 try {
 const secureSocket = tls.connect(sslOption, callback);