pieterlexis / swede

A tool to create and verify TLSA (DANE) records

Ignore certificate name and disable SNI for TLSA usage 3 #16

Closed df7cb closed 9 years ago

df7cb commented 9 years ago

RFC 6698 somewhat intentionally left the question of whether the hostname should be verified against the subject and altnames unspecified. It looks like the next RFC will opt to ignore any cert content except the pubkey, so we skip verifyCertNameWithHostName for usage 3.

Likewise, with usage 3 SNI doesn't make much sense anymore, so let's not even try to activate it.

See https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-13#section-3.1.1

Closes: #12
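To make the usage-dependent behaviour concrete, here is an added Python example (written for this page, not swede's own code) that builds and matches a TLSA record and derives the connection policy from the usage field: for usage 3 (DANE-EE) only the certificate association data is checked, with no hostname check and no SNI, while usages 0 to 2 keep the hostname check and usages 0 and 1 additionally require PKIX validation. The certificate and SubjectPublicKeyInfo bytes are constructed placeholders rather than real DER, the PKIX result is passed in as a boolean instead of being computed, and the certificate's names are supplied as a plain list; all of those are assumptions of the example.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for a DER certificate and its SubjectPublicKeyInfo.
# They are NOT real ASN.1; the example only needs stable byte strings.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-certificate-body-for-demo"
SAMPLE_SPKI_DER = b"\x30\x59" + b"constructed-subject-public-key-info-demo"

# Hypothetical names carried by the sample certificate.
SAMPLE_CERT_NAMES = ["mail.example.net", "smtp.example.net"]


@dataclass(frozen=True)
class TLSARecord:
    usage: int          # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int       # 0 full certificate, 1 SubjectPublicKeyInfo
    matching_type: int  # 0 exact bytes, 1 SHA-256, 2 SHA-512
    data: bytes         # certificate association data


def association_data(selector: int, matching_type: int,
                     cert_der: bytes, spki_der: bytes) -> bytes:
    """Compute the association data the record must carry for this cert."""
    if selector == 0:
        subject = cert_der
    elif selector == 1:
        subject = spki_der
    else:
        raise ValueError("unknown selector %d" % selector)
    if matching_type == 0:
        return subject
    if matching_type == 1:
        return hashlib.sha256(subject).digest()
    if matching_type == 2:
        return hashlib.sha512(subject).digest()
    raise ValueError("unknown matching type %d" % matching_type)


def generate_tlsa(usage: int, selector: int, matching_type: int,
                  cert_der: bytes, spki_der: bytes) -> str:
    """Presentation form 'usage selector mtype hexdata', as in a zone file."""
    data = association_data(selector, matching_type, cert_der, spki_der)
    return "%d %d %d %s" % (usage, selector, matching_type, data.hex())


def parse_tlsa(presentation: str) -> TLSARecord:
    """Parse the presentation form; hex data may be split across whitespace."""
    fields = presentation.split()
    if len(fields) < 4:
        raise ValueError("TLSA record needs usage, selector, mtype and data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if not (0 <= usage <= 3 and 0 <= selector <= 1 and 0 <= mtype <= 2):
        raise ValueError("TLSA field out of range")
    return TLSARecord(usage, selector, mtype, bytes.fromhex("".join(fields[3:])))


def tlsa_matches(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    expected = association_data(rec.selector, rec.matching_type, cert_der, spki_der)
    return expected == rec.data


def connection_policy(usage: int) -> dict:
    """What a client must do besides matching the association data."""
    return {
        "pkix_validation": usage in (0, 1),  # PKIX-TA / PKIX-EE chain to a trusted CA
        "check_hostname": usage != 3,        # DANE-EE ignores the cert's names
        "send_sni": usage != 3,              # with DANE-EE the name is irrelevant
    }


def verify(rec: TLSARecord, cert_der: bytes, spki_der: bytes,
           hostname: str, cert_names: list, pkix_valid: bool) -> tuple:
    """Return (ok, reason) for a presented certificate against one record."""
    if not tlsa_matches(rec, cert_der, spki_der):
        return False, "association data mismatch"
    policy = connection_policy(rec.usage)
    if policy["pkix_validation"] and not pkix_valid:
        return False, "PKIX validation failed"
    if policy["check_hostname"] and hostname not in cert_names:
        return False, "hostname not in certificate names"
    return True, "ok"


if __name__ == "__main__":
    rr = generate_tlsa(3, 1, 1, SAMPLE_CERT_DER, SAMPLE_SPKI_DER)
    print("TLSA", rr)
    print(verify(parse_tlsa(rr), SAMPLE_CERT_DER, SAMPLE_SPKI_DER,
                 "other.example.org", SAMPLE_CERT_NAMES, pkix_valid=False))
```

With a `3 1 1` record the last call succeeds even though the hostname is not in the certificate and PKIX validation failed, which is exactly the behaviour the change above implements; switching the usage to 1 makes the same call fail on both counts.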