rust-openssl-verify
Hostname verification for OpenSSL.
OpenSSL up until version 1.1.0 did not support verification that the certificate a server presents matches the domain a client is connecting to. This check is crucial, as an attacker otherwise needs only to obtain a legitimately signed certificate to some domain to execute a man-in-the-middle attack.
The implementation in this crate is based off of libcurl's.