This is something I’ve complained about before on HN but this rings really hollow when Go 1.17 arbitrarily updated the x.509 package to suddenly stop supporting TLS hostname validation based on the CN field because it was deprecated in the X509 specification.

My browser doesn’t care, why should Go?