* Check the SSL certificate's hostname against the hostname we used
  (RFC 3501, section 11.1)
