In the class PhpHttpRequest (file includes/HttpFunctions.php, used when CURL is not installed), the option 'sslVerifyHost' is translated by checking the 'CN' x509 attribute against the host, which is now deprecated with x509 certificate v3 with subjectAltName and this avoid the operation although it was correct.
In particular, this can be observed with `$wgInstantCommons = true' on an HTTPS wiki without php-curl installed, because the commons.wikimedia.org certificate has a CN attribute *.wikipedia.org and commons.wikimedia.org is only in the subjectAltName attribute.
Version: 1.25-git
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=68581