Unverified Commit 0b9fadf8 authored by Daniel Stenberg's avatar Daniel Stenberg

mbedtls: follow-up VERIFYHOST fix from f0976692

Fix-by: Eric Rosenquist

Fixes #3376
Closes #3390
parent ea2fed5d
+9 −9
@@ -574,25 +574,25 @@ mbed_connect_step2(struct connectdata *conn,

  ret = mbedtls_ssl_get_verify_result(&BACKEND->ssl);

  if(!SSL_CONN_CONFIG(verifyhost))
    /* Ignore hostname errors if verifyhost is disabled */
    ret &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH;

  if(ret && SSL_CONN_CONFIG(verifypeer)) {
    if(ret & MBEDTLS_X509_BADCERT_EXPIRED)
      failf(data, "Cert verify failed: BADCERT_EXPIRED");

    if(ret & MBEDTLS_X509_BADCERT_REVOKED) {
    else if(ret & MBEDTLS_X509_BADCERT_REVOKED)
      failf(data, "Cert verify failed: BADCERT_REVOKED");
      return CURLE_PEER_FAILED_VERIFICATION;
    }

    if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
    else if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");

    else if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
      failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");

    return CURLE_PEER_FAILED_VERIFICATION;
  }
  if(ret && SSL_CONN_CONFIG(verifyhost)) {
    if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
    return CURLE_PEER_FAILED_VERIFICATION;
  }

  peercert = mbedtls_ssl_get_peer_cert(&BACKEND->ssl);
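Review bot: With the separate `if(ret && SSL_CONN_CONFIG(verifyhost))` block gone, the only rejection path left in this hunk is gated on `SSL_CONN_CONFIG(verifypeer)`, so a `MBEDTLS_X509_BADCERT_CN_MISMATCH` result appears to be accepted when verifyhost is enabled but verifypeer is disabled (this reads the `else if` chain as the new side, since the +/- markers are lost on this page). If hostname checking is meant to stay independent of peer verification, the masking idiom already used for verifyhost would keep it: add `if(!SSL_CONN_CONFIG(verifypeer)) ret &= MBEDTLS_X509_BADCERT_CN_MISMATCH;` after the verifyhost mask and test plain `if(ret) {`. Whether mbedTLS reports the mismatch at all in that configuration depends on the authmode and hostname setup, which are outside the hunk, as are the start and end of mbed_connect_step2. Separately, the chain has no final `else`, so a verify flag other than the four named ones returns CURLE_PEER_FAILED_VERIFICATION without any failf() text explaining why.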