This patch adds a check that the server certificate common name
resolves to the other side of the socket.
It also seems to have bits that were supposed to be in the
previous patch. Probably operator error - a combined patch
will be posted in a few minutes.
Bear