Set SNI when enabling CertificatePinning with WSEngine with TCPTransport

[dourgulf]

What do you want to happen?

I want to do DNS resolve by myself, and connect to wss server with IP, I set Host header and implement CertificatePinning.

public class HostCertificatePinning: CertificatePinning {
    let host: String
    init(host: String) {
        self.host = host
    }

    public func evaluateTrust(trust: SecTrust, domain: String?, completion: (PinningState) -> Void) {
        SecTrustSetPolicies(trust, SecPolicyCreateSSL(true, host as NSString))
        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {
            completion(.success)
        } else {
            completion(.failed(error))
        }
    }
}
        let testUrl = URL(string: "wss://xx.xx.xx.xx")!
        var request = URLRequest(url: testUrl)
        let host = "host.app.com"
        request.addValue(host, forHTTPHeaderField: "Host")
        webcoket = WebSocket(request: request, certPinner: HostCertificatePinning(host: host))

What happens now?

I must set host to CDN host other than our host name to verify certification.
I thinks it because the WebSocket connect do not set SNI, so server return default host certification.

Demo Code

RT

Describe alternatives you've considered

Additional context