diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h
index ad25f908b..95fd6e9eb 100755
--- a/components/openssl/include/openssl/ssl.h
+++ b/components/openssl/include/openssl/ssl.h
@@ -26,6 +26,14 @@
 {
 */
 
+#define SSL_CB_ALERT 0x4000
+
+#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT (1 << 0)
+#define X509_CHECK_FLAG_NO_WILDCARDS (1 << 1)
+#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (1 << 2)
+#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS (1 << 3)
+#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS (1 << 4)
+
 /**
  * @brief create a SSL context
  *
@@ -1546,6 +1554,30 @@ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
 const char *name, size_t namelen);
 
+/**
+ * @brief set parameters for X509 host verify action
+ *
+ * @param param -verify parameters from SSL_get0_param()
+ *
+ * @param flags - bitfield of X509_CHECK_FLAG_... parameters to set
+ *
+ * @return 1 for success, 0 for failure
+ */
+int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+ unsigned long flags);
+
+/**
+ * @brief clear parameters for X509 host verify action
+ *
+ * @param param -verify parameters from SSL_get0_param()
+ *
+ * @param flags - bitfield of X509_CHECK_FLAG_... parameters to clear
+ *
+ * @return 1 for success, 0 for failure
+ */
+int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
+ unsigned long flags);
+
 /**
  * @brief get SSL write only IO handle
  *
diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c
index bd811e0a9..50cf2203e 100644
--- a/components/openssl/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
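Review bot: The doc blocks added in ssl.h for X509_VERIFY_PARAM_set_hostflags() and X509_VERIFY_PARAM_clear_hostflags() say `@return 1 for success, 0 for failure` but do not say that the implementations added to ssl_x509.c in this same commit always return 0 and apply nothing. A caller that passes X509_CHECK_FLAG_NO_WILDCARDS or X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS from the first ssl.h hunk to tighten hostname matching therefore gets no tightening, and nothing in the header warns of it. I would add to both doc blocks a line such as `@note host flags are not implemented yet; this call always returns 0 and host name matching is left unchanged`, and a one-line comment above the X509_CHECK_FLAG_* defines saying the values are accepted but not acted on yet. Upstream OpenSSL declares set_hostflags as returning void and taking an `unsigned int`, so ported code has no return value to inspect; that difference is worth stating in the header too.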
@@ -126,6 +126,28 @@ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
 return &ssl->param;
 }
 
+/**
+ * @brief set X509 host verification flags
+ */
+
+int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+ unsigned long flags)
+{
+ /* flags not supported yet */
+ return 0;
+}
+
+/**
+ * @brief clear X509 host verification flags
+ */
+
+int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
+ unsigned long flags)
+{
+ /* flags not supported yet */
+ return 0;
+}
+
 /**
  * @brief set SSL context client CA certification
  */
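Review bot: Both stubs drop `flags` silently, so a request for stricter hostname checks (for example X509_CHECK_FLAG_NO_WILDCARDS) fails open. The only signal is the 0 return, which code ported from upstream OpenSSL, where set_hostflags returns void, will typically not check. I would make the unsupported request visible at run time by logging when `flags != 0` through whatever debug macro this file already uses, so that a deployment depending on the restriction notices it is absent. Both parameters are also unused, which trips -Wunused-parameter where that warning is enabled; `(void)param; (void)flags;` at the top of each body fixes that.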