Should not use canonical hostname when doing TLS certificate checks #20
libesmtp will currently fail if trying to use smtp.office365.com as the outgoing mail server because it fails the SAN checks in `tlsutil.c`. This is because `check_acceptable_security` in `smtp-tls.c` has this logic:

```c
/* use canonic hostname for validation if available */
host = session->canon != NULL ? session->canon : session->host;
```

But for smtp.office365.com that canonical hostname ends up being SJC-efz.ms-acdc.office.com, which does not match any of the SANs because the wildcard for `*.office.com` (correctly) only matches one hostname segment.
```
host smtp.office365.com
smtp.office365.com is an alias for outlook.office365.com.
outlook.office365.com is an alias for ooc-g2.tm-4.office.com.
ooc-g2.tm-4.office.com is an alias for outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com is an alias for SJC-efz.ms-acdc.office.com.
SJC-efz.ms-acdc.office.com has address 52.96.166.162
SJC-efz.ms-acdc.office.com has address 52.96.110.82
SJC-efz.ms-acdc.office.com has address 52.96.110.18
SJC-efz.ms-acdc.office.com has address 52.96.110.66
SJC-efz.ms-acdc.office.com has IPv6 address 2603:1036:307:48e1::2
SJC-efz.ms-acdc.office.com has IPv6 address 2603:1036:307:486c::2
SJC-efz.ms-acdc.office.com has IPv6 address 2603:1036:307:486d::2
SJC-efz.ms-acdc.office.com has IPv6 address 2603:1036:307:2874::2
```
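The mismatch reported above, as an added example that is not libesmtp's code: a simplified SAN matcher in which a leading `*.` covers exactly one label, run against both the configured name and the CNAME-derived name. The names `san_matches`, `cert_matches` and `SAMPLE_SANS` are hypothetical, and the SAN list is constructed: only `*.office.com` comes from the issue, `*.office365.com` is an assumed entry. Checking the configured name also keeps the reference identity independent of unauthenticated DNS answers.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of n bytes of two DNS names. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Match one SAN dNSName against a host name. A leading "*." stands for
 * exactly one left-most label and never spans a dot. */
int san_matches(const char *san, const char *host)
{
    size_t sl = strlen(san), hl = strlen(host);

    if (strncmp(san, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');   /* end of first label */
        if (dot == NULL || dot == host)
            return 0;
        /* The rest of the host must equal the SAN after the '*'. */
        return strlen(dot) == sl - 1 && eq_nocase(dot, san + 1, sl - 1);
    }
    return sl == hl && eq_nocase(san, host, sl);
}

/* Return 1 if any SAN in the list matches the host name. */
int cert_matches(const char *const *sans, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (san_matches(sans[i], host))
            return 1;
    return 0;
}

/* Constructed sample; "*.office365.com" is an assumption, not from the issue. */
static const char *const SAMPLE_SANS[] = { "*.office.com", "*.office365.com" };
#define N_SANS (sizeof SAMPLE_SANS / sizeof SAMPLE_SANS[0])

int main(void)
{
    const char *configured = "smtp.office365.com";         /* session->host  */
    const char *canonical  = "SJC-efz.ms-acdc.office.com"; /* session->canon */

    printf("configured: %d\n", cert_matches(SAMPLE_SANS, N_SANS, configured));
    printf("canonical:  %d\n", cert_matches(SAMPLE_SANS, N_SANS, canonical));
    return 0;
}
```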