Verify the received SSL certificate's CNAME matches the requested host

[hpshelton]

The cURL manual explains the correct usage of CURLOPT_SSL_VERIFYHOST as follows:

1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. In production environments the value of this option should be kept at 2 (default value).

CURLOPT_SSL_VERIFYHOST also cannot be used without CURLOPT_SSL_VERIFYPEER. See http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf for a full analysis of the security vulnerability here.