diff --git a/ssmtp.c b/ssmtp.c
index af4d1e5..8c6d795 100644
--- a/ssmtp.c
+++ b/ssmtp.c
@@ -26,11 +26,17 @@
 #include
 #include
 #ifdef HAVE_SSL
+#include
 #include
+#include
 #include
 #include
+#include
+#include
 #include
 #include
+
+#include "check_mailhub.ci"
 #endif
 #ifdef MD5AUTH
 #include "md5auth/hmac_md5.h"
@@ -1106,6 +1112,7 @@ int smtp_open(char *host, int port)
 {
 #ifdef INET6
 struct addrinfo hints, *ai0, *ai;
+ char* domain_name_out;
 char servname[NI_MAXSERV];
 int s;
 #else
@@ -1271,6 +1278,22 @@ int smtp_open(char *host, int port)
 if(!server_cert) {
 return(-1);
 }
+
+ if(0 == check_mailhub_name(host, server_cert, &domain_name_out)) {
+ log_event(LOG_ERR, "The mailhub name does not match the domain name in the certificate:");
+ if(NULL != domain_name_out) {
+ log_event(LOG_ERR, " mailhub name: %s, domain name: %s\n", host,
+ domain_name_out);
+ printf("ssmtp: domain name: %s\n", domain_name_out);
+ OPENSSL_free(domain_name_out);
+ }
+ return(-1);
+ }
+ if(NULL != domain_name_out)
+ printf("ssmtp: domain name: %s\n", domain_name_out);
+
+ if(NULL != domain_name_out) OPENSSL_free(domain_name_out);
+
 X509_free(server_cert);
 
 /* TODO: Check server cert if changed! */
@@ -2059,6 +2082,8 @@ int main(int argc, char **argv)
 {
 char **new_argv;
 
+ wait_for_key();
+
 /* Try to be bulletproof :-) */
 (void)signal(SIGHUP, SIG_IGN);
 (void)signal(SIGINT, SIG_IGN);
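Review bot: `domain_name_out` is declared without an initialiser, and only inside the `#ifdef INET6` branch of smtp_open's declarations, while the certificate check added in the `@@ -1271` hunk reads it after `check_mailhub_name()` returns. If that helper can return without storing to the out-parameter (its body is not part of this diff), the `NULL != domain_name_out` tests and `OPENSSL_free()` would operate on an indeterminate pointer. A build without INET6 would presumably also fail to compile, although the `#else` branch is cut off here. I would declare it once outside the conditional as `char *domain_name_out = NULL;`. smtp_open's body continues outside the hunk.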
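Review bot: The mismatch branch returns -1 without `X509_free(server_cert)`, so the peer certificate is leaked on exactly the path taken when the server presents the wrong name. The two unconditional `printf("ssmtp: domain name: ...")` calls also write to stdout on every TLS connection, which looks like leftover debugging in a program normally run non-interactively; the name is certificate-supplied text, so it is better sent only to the log. A name match is only meaningful if the chain has also been verified, and no such check (for example `SSL_get_verify_result()`) is visible in this hunk, so confirm one runs before this point. The rewrite below folds the two log lines into one and frees both objects on the failure path; the surrounding function starts and ends outside the hunk.

```c
if(0 == check_mailhub_name(host, server_cert, &domain_name_out)) {
	log_event(LOG_ERR,
		"The mailhub name (%s) does not match the domain name in the certificate (%s)",
		host, domain_name_out ? domain_name_out : "none");
	OPENSSL_free(domain_name_out);	/* accepts NULL */
	X509_free(server_cert);		/* was leaked on this path */
	return(-1);
}
OPENSSL_free(domain_name_out);

/* … unchanged: X509_free(server_cert) and the TODO comment … */
```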
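Review bot: The unconditional `wait_for_key();` as the first statement of main() looks like a debugging aid that should not ship. It runs before the signal handlers below are installed, and its name suggests it blocks until input arrives, which would stall a sendmail replacement invoked by cron or another program. Its definition is not in this diff; if it lives in `check_mailhub.ci`, which is included only under `HAVE_SSL`, a non-SSL build would presumably fail to link or compile. I would drop the call, or guard it as `#ifdef DEBUG` / `wait_for_key();` / `#endif`. main()'s body continues outside the hunk.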