If you want to keep pn_ssl_t opaque, then I think that the signature on pn_ssl_init needs to change to pass the hostname that's being connected to. pn_ssl_init can then set the ssl->peer_hostname field.
Attaching a patch that fixes this issue.
Attaching simpler fix.
calling pn_ssl_set_peer_hostname after init seem to work fine.
Commit 1511914 from Ken Giusti in branch 'proton/trunk'
[ https://svn.apache.org/r1511914 ]
PROTON-396: set the peer hostname in the SSL context
Applied Hiram's patch.