diff --git a/wget-1.13.4-tls_sni_support.patch b/wget-1.13.4-tls_sni_support.patch
new file mode 100644
index 0000000..c4f8a4b
--- /dev/null
+++ b/wget-1.13.4-tls_sni_support.patch
@@ -0,0 +1,134 @@
+diff -up wget-1.13.4/src/gnutls.c.tls_sni_support wget-1.13.4/src/gnutls.c
+--- wget-1.13.4/src/gnutls.c.tls_sni_support 2011-09-04 14:06:22.000000000 +0200
++++ wget-1.13.4/src/gnutls.c 2012-10-09 09:35:04.476172748 +0200
+@@ -54,6 +54,8 @@ as that of the covered work. */
+ # include "w32sock.h"
+ #endif
+
++#include "host.h"
++
+ /* Note: some of the functions private to this file have names that
+ begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
+ confused with actual gnutls functions -- such as the gnutls_read
+@@ -320,13 +322,21 @@ static struct transport_implementation w
+ };
+
+ bool
+-ssl_connect_wget (int fd)
++ssl_connect_wget (int fd, const char *hostname)
+ {
+ struct wgnutls_transport_context *ctx;
+ gnutls_session session;
+ int err;
+ gnutls_init (&session, GNUTLS_CLIENT);
+ gnutls_set_default_priority (session);
++
++ /* We set the server name but only if it's not an IP address. */
++ if (! is_ip_address (hostname))
++ {
++ gnutls_server_name_set (session, GNUTLS_NAME_DNS,
++ hostname, strlen(hostname));
++ }
++
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
+ #ifndef FD_TO_SOCKET
+ # define FD_TO_SOCKET(X) (X)
+diff -up wget-1.13.4/src/host.c.tls_sni_support wget-1.13.4/src/host.c
+--- wget-1.13.4/src/host.c.tls_sni_support 2011-08-06 23:22:39.000000000 +0200
++++ wget-1.13.4/src/host.c 2012-10-09 09:32:48.245355889 +0200
+@@ -914,3 +914,19 @@ host_cleanup (void)
+ host_name_addresses_map = NULL;
+ }
+ }
++
++/* Determine whether or not a hostname is an IP address that we recognise. */
++bool
++is_ip_address (const char *name)
++{
++ const char *endp;
++
++ endp = name + strlen(name);
++ if (is_valid_ipv4_address (name, endp))
++ return true;
++#ifdef ENABLE_IPV6
++ if (is_valid_ipv6_address (name, endp))
++ return true;
++#endif
++ return false;
++}
+diff -up wget-1.13.4/src/host.h.tls_sni_support wget-1.13.4/src/host.h
+--- wget-1.13.4/src/host.h.tls_sni_support 2011-01-01 13:12:35.000000000 +0100
++++ wget-1.13.4/src/host.h 2012-10-09 09:32:48.246355887 +0200
+@@ -103,4 +103,6 @@ bool sufmatch (const char **, const char
+
+ void host_cleanup (void);
+
++bool is_ip_address (const char *);
++
+ #endif /* HOST_H */
+diff -up wget-1.13.4/src/http.c.tls_sni_support wget-1.13.4/src/http.c
+--- wget-1.13.4/src/http.c.tls_sni_support 2011-09-07 12:58:01.000000000 +0200
++++ wget-1.13.4/src/http.c 2012-10-09 09:37:07.532007301 +0200
+@@ -1909,7 +1909,7 @@ gethttp (struct url *u, struct http_stat
+
+ if (conn->scheme == SCHEME_HTTPS)
+ {
+- if (!ssl_connect_wget (sock))
++ if (!ssl_connect_wget (sock, u->host))
+ {
+ fd_close (sock);
+ return CONSSLERR;
+diff -up wget-1.13.4/src/openssl.c.tls_sni_support wget-1.13.4/src/openssl.c
+--- wget-1.13.4/src/openssl.c.tls_sni_support 2012-10-09 09:32:48.000000000 +0200
++++ wget-1.13.4/src/openssl.c 2012-10-09 09:39:05.382848841 +0200
+@@ -50,6 +50,8 @@ as that of the covered work. */
+ # include
+ #endif
+
++#include "host.h"
++
+ /* Application-wide SSL context. This is common to all SSL
+ connections. */
+ static SSL_CTX *ssl_ctx;
+@@ -433,7 +435,7 @@ ssl_connect_with_timeout_callback(void *
+ Returns true on success, false on failure. */
+
+ bool
+-ssl_connect_wget (int fd)
++ssl_connect_wget (int fd, const char *hostname)
+ {
+ SSL *conn;
+ struct scwt_context scwt_ctx;
+@@ -445,6 +447,20 @@ ssl_connect_wget (int fd)
+ conn = SSL_new (ssl_ctx);
+ if (!conn)
+ goto error;
++
++#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
++ /* If the SSL library was build with support for ServerNameIndication
++ then use it whenever we have a hostname. If not, don't, ever. */
++ if (! is_ip_address (hostname))
++ {
++ if (! SSL_set_tlsext_host_name (conn, hostname))
++ {
++ DEBUGP (("Failed to set TLS server-name indication."));
++ goto error;
++ }
++ }
++#endif
++
+ #ifndef FD_TO_SOCKET
+ # define FD_TO_SOCKET(X) (X)
+ #endif
+diff -up wget-1.13.4/src/ssl.h.tls_sni_support wget-1.13.4/src/ssl.h
+--- wget-1.13.4/src/ssl.h.tls_sni_support 2011-01-01 13:12:35.000000000 +0100
++++ wget-1.13.4/src/ssl.h 2012-10-09 09:39:38.848803841 +0200
+@@ -33,7 +33,7 @@ as that of the covered work. */
+ #define GEN_SSLFUNC_H
+
+ bool ssl_init (void);
+-bool ssl_connect_wget (int);
++bool ssl_connect_wget (int, const char *);
+ bool ssl_check_certificate (int, const char *);
+
+ #endif /* GEN_SSLFUNC_H */
diff --git a/wget.spec b/wget.spec
index 2b5785f..1b690b9 100644
--- a/wget.spec
+++ b/wget.spec
@@ -1,7 +1,7 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
 Version: 1.13.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
@@ -10,6 +10,8 @@ Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.bz2
 Patch1: wget-rh-modified.patch
 Patch2: wget-1.12-path.patch
 Patch3: openssl-1.13.4-sslreadtimeout.patch
+# Upstream Bug: http://savannah.gnu.org/bugs/?26786
+Patch4: wget-1.13.4-tls_sni_support.patch
 Provides: webclient
 Provides: bundled(gnulib)
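Review bot: In the gnutls.c hunk the result of `gnutls_server_name_set` is discarded, whereas the openssl.c hunk jumps to `error` when `SSL_set_tlsext_host_name` fails, so the two backends handle the same SNI failure differently; storing it in the already-declared `err`, `err = gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname, strlen (hostname));` followed by `if (err < 0) { gnutls_deinit (session); return false; }`, would make them agree (the remainder of that function and whatever cleanup it already has lie outside the hunk, so the deinit should follow its existing pattern). `is_ip_address` in host.c calls `strlen (name)` before anything else, so a NULL `hostname` is undefined behaviour in both backends; whether `u->host` can be NULL at the gethttp call site is not visible here, and if it can, `if (hostname && ! is_ip_address (hostname))` is the cheap guard. The comment on `is_ip_address` should also state that `name` is expected without the square brackets of an IPv6 URL literal: `is_valid_ipv6_address` would reject a bracketed form, and the literal would then be sent as the SNI host name, which RFC 6066 reserves for DNS names — worth confirming against what url_parse leaves in `u->host`. Minor: `was build with support` in the openssl.c comment should read `was built with support`.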
@@ -32,6 +34,7 @@ support for Proxy servers, and configurability.
 %patch1 -p0
 %patch2 -p1
 %patch3 -p1 -b .sslreadtimeout
+%patch4 -p1 -b .tls_sni_support

 %build
 if pkg-config openssl ; then
@@ -68,6 +71,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_infodir}/*
 %changelog
+* Tue Oct 09 2012 Tomas Hozza 1.13.4-6
+- Fixed TLS SNI Support in wget (#836822)
+
 * Thu Sep 27 2012 Tomas Hozza 1.13.4-5
 - Rebuild in Koji