The certificate validation code for the mbedTLS backend should look at the CURLOPT_SSL_VERIFYHOST option via SSL_CONN_CONFIG(verifyhost) to control if CN checking is done as part of server certificate validation.
As it stands now, it's impossible to validate the certificate but omit the hostname checks when using the mbedTLS backend. This is possible with other backends like OpenSSL.
Turn off the MBEDTLS_X509_BADCERT_CN_MISMATCH error bit if verifyhost is disabled, but otherwise do the same as before. We don't want to fail if verifyhost is on and verifypeer is off since the latter is the master kill switch for validation.
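A small C model of the decision described above, added here as an example and not taken from curl's source: `struct verify_config`, `check_verify_result()` and `decide()` are hypothetical names, and the flag values are repeated from mbedTLS's x509.h so it builds without the library.

```c
#include <stdint.h>
#include <stdio.h>

/* Result bits with the values from mbedTLS's x509.h, repeated here only so
   this sketch builds without the mbedTLS headers. */
#define MBEDTLS_X509_BADCERT_EXPIRED      0x01
#define MBEDTLS_X509_BADCERT_CN_MISMATCH  0x04
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED  0x08

/* Hypothetical stand-in for the per-connection settings the backend reads. */
struct verify_config {
  int verifypeer; /* CURLOPT_SSL_VERIFYPEER: master switch for validation */
  int verifyhost; /* CURLOPT_SSL_VERIFYHOST: name check against the cert */
};

/* Returns 0 to accept the handshake, -1 to reject it. 'flags' stands for the
   value mbedtls_ssl_get_verify_result() reports after the handshake. */
int check_verify_result(const struct verify_config *cfg, uint32_t flags)
{
  if(!cfg->verifyhost)
    flags &= ~(uint32_t)MBEDTLS_X509_BADCERT_CN_MISMATCH; /* ignore name only */
  if(flags && cfg->verifypeer)
    return -1; /* any remaining error bit is fatal while verifypeer is on */
  return 0;
}

/* Convenience wrapper so each case is a single call. */
int decide(int verifypeer, int verifyhost, uint32_t flags)
{
  struct verify_config cfg = { verifypeer, verifyhost };
  return check_verify_result(&cfg, flags);
}

int main(void)
{
  /* Constructed inputs: a name mismatch alone, and one with an untrusted CA. */
  uint32_t cn = MBEDTLS_X509_BADCERT_CN_MISMATCH;
  uint32_t cn_ca = cn | MBEDTLS_X509_BADCERT_NOT_TRUSTED;

  printf("peer=1 host=1 CN mismatch      -> %d\n", decide(1, 1, cn));
  printf("peer=1 host=0 CN mismatch      -> %d\n", decide(1, 0, cn));
  printf("peer=1 host=0 CN + untrusted   -> %d\n", decide(1, 0, cn_ca));
  printf("peer=0 host=1 CN mismatch      -> %d\n", decide(0, 1, cn));
  return 0;
}
```

With verifyhost off and verifypeer on, chain errors such as an untrusted issuer or an expired certificate still reject the connection; only the name mismatch bit is masked.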