
http/client should use sendname to verify the TLS Certificate

Open herkulessi opened this issue 1 year ago • 2 comments

Currently the certificate is checked against host/ip, even if sendname is set. That means that the client asks for a certificate for domain A but then checks it against domain/address B, which means it is likely to fail if it isn't a cert that is valid for two domains/IP addresses.

This might be mandated by the spec (I don't know all of the HTTP/TLS/whatever RFCs/specifications); however, it seems counterintuitive.

herkulessi, Mar 26 '24 23:03

Is this something you've run into?

daurnimator, Mar 27 '24 02:03

Yes. I do use this library every now and then to debug TLS issues for my web servers, but since I have more than one (even on one domain) I like to specify the IP address explicitly, to select which of the servers I hit (to find out which server is broken). I have until now used a slightly modified version of this library (that sets the OpenSSL params to verify sendname, if sendname is set), which worked like a charm (and is only a 4-line + indenting change); however, I thought that upstream might benefit as well. If you are interested, I can push my changes into a repo and open a PR, but it was fairly quickly thrown together.

herkulessi, Mar 27 '24 09:03
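The behaviour the reporter describes (ask for `sendname` via SNI, then verify the certificate against that same name rather than the connect address) can be shown without patching lua-http, by driving its dependencies luaossl and cqueues directly. The following is an added example written for this page; it is not code from lua-http, from the reporter's patch, or from this thread. The helper `expected_identity`, the function `connect_verified`, and the address `192.0.2.10` (an RFC 5737 documentation address) are constructed for illustration.

```lua
-- Added example; not code from lua-http or from this thread. It uses luaossl and
-- cqueues (both lua-http dependencies) directly, so it shows the handshake the
-- reporter describes without relying on lua-http internals.
local cs           = require "cqueues.socket"
local openssl_ctx  = require "openssl.ssl.context"
local openssl_ssl  = require "openssl.ssl"
local verify_param = require "openssl.x509.verify_param"

-- Hypothetical helper: decide which identity the peer certificate must match.
-- The SNI name wins when one is given; otherwise fall back to the connect
-- target, which may be a literal IP (then it must match an iPAddress SAN,
-- and no SNI extension is sent, since SNI does not carry IP literals).
local function expected_identity(host, sendname)
	if sendname then
		return "dns", sendname
	end
	local is_ip = host:match("^%d+%.%d+%.%d+%.%d+$") or host:find(":", 1, true)
	return is_ip and "ip" or "dns", host
end

-- Hypothetical function: TLS handshake to host:port that requests `sendname`
-- via SNI and verifies the returned certificate against that same name.
local function connect_verified(host, port, sendname)
	local ctx = openssl_ctx.new("TLS", false)
	ctx:setVerify(openssl_ctx.VERIFY_PEER)  -- untrusted chain => handshake fails
	ctx:getStore():addDefaults()            -- system CA bundle

	local ssl = openssl_ssl.new(ctx)
	local kind, name = expected_identity(host, sendname)
	if kind == "dns" then
		ssl:setHostName(name)               -- SNI: which cert the server should present
	end
	local params = verify_param.new()
	if kind == "ip" then
		params:setIP(name)                  -- match an iPAddress SAN
	else
		params:setHost(name)                -- match a dNSName SAN (or CN fallback)
	end
	ssl:setParam(params)                    -- per-connection X509_VERIFY_PARAM

	local s = assert(cs.connect(host, port))
	local ok, err = s:starttls(ssl)
	if not ok then
		s:close()
		return nil, "handshake failed: " .. tostring(err)
	end
	-- Belt and braces: confirm OpenSSL's own verdict after the handshake.
	local tls = assert(s:checktls())
	local code, msg = tls:getVerifyResult()
	if code ~= 0 then
		s:close()
		return nil, "certificate verification failed: " .. tostring(msg)
	end
	return s
end

-- Usage (constructed values): hit one specific backend by IP while requesting
-- and checking the certificate for the site name it is supposed to serve.
local s, err = connect_verified("192.0.2.10", 443, "example.com")
if s then
	print("verified peer for example.com at 192.0.2.10")
	s:close()
else
	print(err)
end
```

The security point is that the name passed to SNI and the name passed to hostname verification must be the same identity the caller intended; verifying against the IP while asking for a domain either fails (the common case in the issue) or, if an operator "fixes" it by disabling verification, loses the check entirely. Pinning verification to the caller-chosen `sendname` keeps full verification while still letting the caller pick the backend by address.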