SafeURL should use subjectAltName.DNS

[wsargent]

The hostname verifier is set directly on

httpsConn.setHostnameVerifier(new HostnameVerifier {
              def verify(urlHostname: String, session: SSLSession): Boolean = {
                var cert = session.getPeerCertificates()(0)
                if (cert.isInstanceOf[X509Certificate]) {
                  val x509 = cert.asInstanceOf[X509Certificate]
                  val subject = x509.getSubjectX500Principal.getName
                  val commonNames = subject split "," filter (_ startsWith "CN=") map (_ substring 3)
                  val found = commonNames exists (cnMatch(hostname, _))

                  found
                } else {
                  // can only deal with X509 certificates
                  false
                }
              }
            })

https://github.com/IncludeSecurity/safeurl-scala/blob/master/src/com/includesecurity/safeurl/SafeCurl.scala#L364

but this does not take into account subjectAltName's dNSName field, which is what should be used:

https://tersesystems.com/2014/03/23/fixing-hostname-verification/

This does not attempt to look for subjectAltName's iPAddress field, which would be the logical place to look if you're looking something up by IP.