
Extra DNS name verification is made in verify-ca mode, making it effectively verify-full #1164

@rshura

Description


Trying to connect to the db with verify-ca works if the address is an IP, but fails if the address is a host name other than what's in the cacert.

It appears that this function is called in the verify-ca scenario: https://github.com/lib/pq/blob/master/ssl.go#L185 and it explicitly checks the name. I don't think this is the desired behavior of verify-ca.

I'm also a little confused as to why any checks need to be made, since the TLS client handshake happens in the first line of the function. That handshake will or will not check the name, depending on InsecureSkipVerify value that is correctly set already.

Am I missing something obvious here? Thank you!
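The difference between the two modes in crypto/x509 terms, as an added example (not lib/pq's code and not the reporter's): a callback of the kind a driver installs through tls.Config.VerifyPeerCertificate. The reason any check is needed after the handshake is that Go's built-in verification is all-or-nothing, so verify-ca has to set InsecureSkipVerify and redo the chain check itself without a DNSName. The `host` parameter, the CA, the leaf and the name "db.example" are assumptions and constructed test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Verify is the body of a tls.Config.VerifyPeerCertificate callback, paired with
// InsecureSkipVerify: true because Go's built-in verification is all-or-nothing (chain
// AND host name). host == "" is verify-ca (chain to a trusted root, name ignored);
// a non-empty host adds the SAN match, which is verify-full.
func Verify(rawCerts [][]byte, roots *x509.CertPool, host string) error {
	leaf, err := x509.ParseCertificate(rawCerts[0]) // crypto/tls rejects an empty list earlier
	if err != nil {
		return err
	}
	inter := x509.NewCertPool() // intermediates the server sent after the leaf
	for _, raw := range rawCerts[1:] {
		if c, err := x509.ParseCertificate(raw); err == nil {
			inter.AddCert(c)
		}
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, DNSName: host})
	return err
}

// newTestPKI builds a constructed CA and a leaf for "db.example" it signed (test data only).
func newTestPKI() (roots *x509.CertPool, chain [][]byte) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test CA"},
		IsCA: true, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{"db.example"}, NotBefore: caTmpl.NotBefore, NotAfter: caTmpl.NotAfter}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, ca, leafPub, caKey)
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return roots, [][]byte{leafDER}
}

func main() {
	roots, chain := newTestPKI()
	fmt.Println("verify-ca:", Verify(chain, roots, ""), "| verify-full vs other.example:", Verify(chain, roots, "other.example"))
}
```

Running it shows the chain accepted with an empty host and rejected with a hostname error for "other.example", which is the behaviour the reporter saw in verify-ca mode.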
