Commit 87374a47 authored by Daniel Stenberg's avatar Daniel Stenberg

Revert: use Host: name for SNI and cert name checks

This reverts commits b0fd03f5,
4b2fbe1e, afecd1aa, 68cde058
parent 368f5a85
+13 −12
@@ -2254,25 +2254,26 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
  ptr = Curl_checkheaders(data, "Host:");
  if(ptr && (!data->state.this_is_a_follow ||
             Curl_raw_equal(data->state.first_host, conn->host.name))) {

#if !defined(CURL_DISABLE_COOKIES)
    /* If we have a given custom Host: header, we extract the host name in
       order to possibly use it for cookie reasons later on. We only allow the
       custom Host: header if this is NOT a redirect, as setting Host: in the
       redirected request is being out on thin ice. Except if the host name
       is the same as the first one! */
    char *chost = Curl_copy_header_value(ptr);
    if (!chost)
    char *cookiehost = Curl_copy_header_value(ptr);
    if (!cookiehost)
      return CURLE_OUT_OF_MEMORY;
    if (!*chost)
    if (!*cookiehost)
      /* ignore empty data */
      free(chost);
      free(cookiehost);
    else {
      char *colon = strchr(chost, ':');
      char *colon = strchr(cookiehost, ':');
      if (colon)
        *colon = 0; /* The host must not include an embedded port number */
      Curl_safefree(conn->allocptr.customhost);
      conn->allocptr.customhost = chost;
      Curl_safefree(conn->allocptr.cookiehost);
      conn->allocptr.cookiehost = cookiehost;
    }
#endif

    conn->allocptr.host = NULL;
  }
@@ -2596,8 +2597,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
    if(data->cookies) {
      Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
      co = Curl_cookie_getlist(data->cookies,
                               conn->allocptr.customhost?
                               conn->allocptr.customhost:host,
                               conn->allocptr.cookiehost?
                               conn->allocptr.cookiehost:host,
                               data->state.path,
                               (bool)(conn->protocol&PROT_HTTPS?TRUE:FALSE));
      Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
@@ -3688,8 +3689,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
                      data->cookies, TRUE, k->p+11,
                      /* If there is a custom-set Host: name, use it
                         here, or else use real peer host name. */
                      conn->allocptr.customhost?
                      conn->allocptr.customhost:conn->host.name,
                      conn->allocptr.cookiehost?
                      conn->allocptr.cookiehost:conn->host.name,
                      data->state.path);
      Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
    }
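Review bot: The port stripping in the first hunk, `char *colon = strchr(cookiehost, ':');`, cuts a bracketed IPv6 literal such as `[::1]:8080` at the first colon inside the brackets, leaving `[` in conn->allocptr.cookiehost; whether bracketed literals are expected in a custom Host: header at this point is not visible in the hunk, so this is a point to confirm rather than a certain bug. If they are, look for the port separator only after the closing bracket: `char *end = (*cookiehost == '[') ? strchr(cookiehost, ']') : cookiehost;` followed by `char *colon = end ? strchr(end, ':') : NULL;`. The comment block at the top of the hunk could also record the reason for this revert, since nothing at the site says the extracted value must stay out of TLS, e.g. `/* the extracted name is used for cookie matching only; SNI and certificate name checks always use conn->host.name */`. Curl_http begins and ends outside these hunks.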
+7 −15
@@ -1125,20 +1125,16 @@ static CURLcode verifyhost(struct connectdata *conn,
  struct in_addr addr;
#endif
  CURLcode res = CURLE_OK;
  char *hostname;

  hostname = conn->allocptr.customhost?conn->allocptr.customhost:
    conn->host.name;

#ifdef ENABLE_IPV6
  if(conn->bits.ipv6_ip &&
     Curl_inet_pton(AF_INET6, hostname, &addr)) {
     Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
    target = GEN_IPADD;
    addrlen = sizeof(struct in6_addr);
  }
  else
#endif
    if(Curl_inet_pton(AF_INET, hostname, &addr)) {
    if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
      target = GEN_IPADD;
      addrlen = sizeof(struct in_addr);
    }
@@ -1180,7 +1176,7 @@ static CURLcode verifyhost(struct connectdata *conn,
          if((altlen == strlen(altptr)) &&
             /* if this isn't true, there was an embedded zero in the name
                string and we cannot match it. */
             cert_hostcheck(altptr, hostname))
             cert_hostcheck(altptr, conn->host.name))
            matched = 1;
          else
            matched = 0;
@@ -1282,7 +1278,7 @@ static CURLcode verifyhost(struct connectdata *conn,
            "SSL: unable to obtain common name from peer certificate");
      res = CURLE_PEER_FAILED_VERIFICATION;
    }
    else if(!cert_hostcheck((const char *)peer_CN, hostname)) {
    else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
      if(data->set.ssl.verifyhost > 1) {
        failf(data, "SSL: certificate subject name '%s' does not match "
              "target host name '%s'", peer_CN, conn->host.dispname);
@@ -1433,7 +1429,6 @@ ossl_connect_step1(struct connectdata *conn,
  curl_socket_t sockfd = conn->sock[sockindex];
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
  const char *hostname;
  bool sni;
#ifdef ENABLE_IPV6
  struct in6_addr addr;
@@ -1646,15 +1641,12 @@ ossl_connect_step1(struct connectdata *conn,
  connssl->server_cert = 0x0;

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
  hostname = conn->allocptr.customhost?conn->allocptr.customhost:
    conn->host.name;

  if ((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
  if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
      (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
      (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
      sni &&
      !SSL_set_tlsext_host_name(connssl->handle, hostname))
      !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
    infof(data, "WARNING: failed to configure server name indication (SNI) "
          "TLS extension\n");
#endif
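Review bot: The call sites switched back to conn->host.name in verifyhost and ossl_connect_step1 carry no comment saying that this is deliberate, so the next reader may reintroduce a caller-supplied name into the certificate check as an apparent improvement. A one-line comment above the first `Curl_inet_pton(AF_INET6, conn->host.name, &addr)` in the verifyhost hunk, such as `/* verify against the host from the URL, never a caller-supplied Host: value */`, would capture the reason for this revert; the same applies to the two cert_hostcheck calls and to the SSL_set_tlsext_host_name call in the last hunk. Both verifyhost and ossl_connect_step1 begin outside these hunks.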
+1 −1
@@ -2534,7 +2534,7 @@ static void conn_free(struct connectdata *conn)
  Curl_safefree(conn->allocptr.rangeline);
  Curl_safefree(conn->allocptr.ref);
  Curl_safefree(conn->allocptr.host);
  Curl_safefree(conn->allocptr.customhost);
  Curl_safefree(conn->allocptr.cookiehost);
  Curl_safefree(conn->allocptr.rtsp_transport);
  Curl_safefree(conn->trailer);
  Curl_safefree(conn->host.rawalloc); /* host name buffer */
+1 −1
@@ -796,7 +796,7 @@ struct connectdata {
    char *rangeline; /* free later if not NULL! */
    char *ref; /* free later if not NULL! */
    char *host; /* free later if not NULL */
    char *customhost; /* free later if not NULL */
    char *cookiehost; /* free later if not NULL */
    char *rtsp_transport; /* free later if not NULL */
  } allocptr;