diff --git a/AUTHORS b/AUTHORS
index c6d5ec4e361a..cfd4cde03633 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -65,3 +65,4 @@ Philippe Beaudoin <philippe.beaudoin@gmail.com>
 Mark Hahnenberg <mhahnenb@gmail.com>
 Alex Gartrell <alexgartrell@gmail.com>
 James Choi <jchoi42@pha.jhu.edu>
+Paul Kehrer <paul.l.kehrer@gmail.com>
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index b03ed7ac1da8..0720a407da03 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -764,6 +764,14 @@ int SSLClientSocketMac::InitializeSSLContext() {
     status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
     if (status)
       return NetErrorFromOSStatus(status);
+
+    // Although we disable OS level certificate verification above,
+    // passing the domain name enables the server_name TLS extension (SNI).
+    status = SSLSetPeerDomainName(ssl_context_,
+                                  hostname_.data(),
+                                  hostname_.length());
+    if (status)
+      return NetErrorFromOSStatus(status);
   } else {
     // If I can't break on cert-requested, then set the cert up-front:
     status = SetClientCert();