Any entries in subjectAltName would prevent fallback to using commonName, but
RFC 2818 says:
If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used.
We now only consider dNSNames in subjectAltName.
(dNSName is known as 'DNS' in OpenSSL/Python.)
Two imports were omitted in the restructure of the code creating
sslutil.py, socket and httplib are required when the 'ssl' module
cannot be imported, restoring these imports allows mercurial to run
on python2.4+2.5.
