Curl incorrectly fails hostname validation for certs with an empty Subject but a matching, critical Subject Alternative Name. Such certificates are valid per RFC 2459 4.1.2.6
The attached Perl test case demonstrates the problem.
curl 7.30.0 (i686-pc-linux-gnu) libcurl/7.30.0 OpenSSL/1.0.1d zlib/1.2.5 c-ares/1.9.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
Proposed fix attached.
Thanks for the report, a slightly edited version of your patch was just pushed as commit bdb396ef2af