Description
Hi,
If I upgrade to urllib3 v2.x then my disabling of hostname checking code (based upon `assert_hostname = False` as per #194 and psf/requests#1405) no longer works in v2.x.
I have read that v2.x now does SAN instead of CN checking (https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html#stop-verifying-commonname-in-certificates) but I don't believe the `assert_hostname = False` functionality should have also been removed / silently ignored as part of it (that param looks like it could now work with SAN hostnames instead?).
I am creating an HTTPAdapter via Requests:

```python
# Requests references passed from calling code.
from requests.adapters import HTTPAdapter, DEFAULT_POOLBLOCK


class IgnoreHostnameAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=DEFAULT_POOLBLOCK, **pool_kwargs):
        # Ask urllib3 to skip the hostname match; the certificate chain is still verified.
        pool_kwargs['assert_hostname'] = False
        super(IgnoreHostnameAdapter, self).init_poolmanager(connections=connections, maxsize=maxsize, block=block, **pool_kwargs)
```

which is mounted to the session elsewhere:

```python
# Make the session verify all HTTPS requests with trust for this certificate.
self.session.verify = 'configuration/gateway.cer'
# Requests to this host will ignore the hostname in the certificate being incorrect.
self.session.mount(self.host, IgnoreHostnameAdapter())
```

This works in v1.x (`pip install urllib3==1.26.16`) but breaks in v2.x releases (`pip install urllib3 --upgrade`).
Is there an equivalent "`subjectAltName` hostname check" disable feature in v2.x?
This is for connecting to an embedded device where the certificate details are self-signed with an incorrect hostname and I would like to pin the cert rather than disable certificate verification entirely.
Using requests' `verify=False` to disable all certificate verification of course works but I would like to continue to use requests' `session.verify` to pin the certificate (just ignore the mismatching hostname).
Thank you for your time.