mbedTLS backend should use CURLOPT_SSL_VERIFYHOST to control CN checking #3376

@rosenqui

operating system

All platforms for mbedTLS

curl/libcurl version

All versions

The certificate validation code for the mbedTLS backend should look at the CURLOPT_SSL_VERIFYHOST option via SSL_CONN_CONFIG(verifyhost) to control if CN checking is done as part of server certificate validation.

As it stands now, it's impossible to validate the certificate but omit the hostname checks when using the mbedTLS backend. This is possible with other backends like OpenSSL.

https://github.com/curl/curl/blob/master/lib/vtls/mbedtls.c#L586
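A sketch of the behaviour this issue asks for, added here as an example and not taken from curl's source: the name-mismatch flag is judged separately from the chain-trust flags, so each libcurl option controls only its own check. The flag values match mbedTLS's x509.h; `verify_cfg`, `verify_result` and `check_verify_flags` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same values as the MBEDTLS_X509_BADCERT_* flags in mbedTLS's x509.h,
   redefined here so the example builds without the library. */
#define BADCERT_EXPIRED     0x01u
#define BADCERT_REVOKED     0x02u
#define BADCERT_CN_MISMATCH 0x04u
#define BADCERT_NOT_TRUSTED 0x08u

/* Hypothetical stand-in for the two libcurl settings involved. */
struct verify_cfg {
  bool verifypeer; /* CURLOPT_SSL_VERIFYPEER */
  bool verifyhost; /* CURLOPT_SSL_VERIFYHOST */
};

enum verify_result { VERIFY_OK = 0, VERIFY_PEER_FAILED, VERIFY_HOST_FAILED };

/* 'flags' is the bitmask a backend would read after the handshake,
   e.g. from mbedtls_ssl_get_verify_result(). */
enum verify_result check_verify_flags(const struct verify_cfg *cfg,
                                      uint32_t flags)
{
  /* Everything except the name mismatch is a chain/validity problem. */
  uint32_t chain = flags & ~BADCERT_CN_MISMATCH;

  if(cfg->verifypeer && chain)
    return VERIFY_PEER_FAILED;
  if(cfg->verifyhost && (flags & BADCERT_CN_MISMATCH))
    return VERIFY_HOST_FAILED;
  return VERIFY_OK;
}

int main(void)
{
  /* Constructed case: trusted chain, but the name does not match. */
  struct verify_cfg strict = { true, true };
  struct verify_cfg nohost = { true, false };
  printf("strict: %d, verifyhost off: %d\n",
         check_verify_flags(&strict, BADCERT_CN_MISMATCH),
         check_verify_flags(&nohost, BADCERT_CN_MISMATCH));
  return 0;
}
```

With verifyhost off, any certificate that chains to a trusted CA passes regardless of the name it was issued for, so a caller that disables it needs some other binding to the intended server, such as a pinned key or a private CA.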
