diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -197,8 +197,9 @@
     """
     if not cert:
         raise ValueError("empty or no certificate")
+    cert_info = cert.get_info()
     dnsnames = []
-    san = cert.get('subjectAltName', ())
+    san = cert_info.get('subjectAltName', ())
     for key, value in san:
         if key == 'DNS':
             if _dnsname_to_pat(value).match(hostname):
@@ -207,7 +208,7 @@
     if not dnsnames:
         # The subject is only checked when there is no dNSName entry
         # in subjectAltName
-        for sub in cert.get('subject', ()):
+        for sub in cert_info.get('subject', ()):
             for key, value in sub:
                 # XXX according to RFC 2818, the most specific Common Name
                 # must be used.