redis / redis-py

Redis Python client

redis-py ssl support susceptible to MITM attacks by default

u2mejc opened this issue · comments

Issue: redis-py doesn't enforce hostname validation (Common Name or Subject Alternative Name) by default when accepting a cert from a remote SSL terminator. This default behavior isn't compatible with accepted PEPs/RFCs and provides a dangerous sense of false security.

Task: Correct redis-py to validate certificates by default. IMHO this shouldn't be considered a breaking change as it simply reinforces the expected results when initiating an SSL connection.

Additional research:
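The three client postures the issue is contrasting, as an added example that is not part of the issue or of redis-py's own code. It builds each posture with the standard `ssl` module so the difference between "chain verified" and "chain and hostname verified" can be inspected without a Redis server, and it returns the keyword arguments that request the strict posture from `redis.Redis(...)`. The `ssl_check_hostname` argument is assumed to exist in the redis-py version in use (it does in recent releases); the CA path is a placeholder.

```python
import ssl

# Constructed example: three client-side TLS postures, built with the
# standard library so the handshake behaviour can be inspected offline.


def tls_posture(ctx: ssl.SSLContext) -> str:
    """Classify what an SSLContext will actually verify during the handshake."""
    if ctx.verify_mode == ssl.CERT_NONE:
        return "no-verification"       # any cert, even self-signed, is accepted
    if not ctx.check_hostname:
        return "chain-only"            # a CA-signed cert for ANY hostname is accepted (the issue's point)
    return "chain-and-hostname"        # cert must chain to a trusted CA and match the host


def unverified_context() -> ssl.SSLContext:
    """ssl_cert_reqs='none' equivalent: no certificate checking at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context(ca_file=None) -> ssl.SSLContext:
    """Chain validated, hostname not checked: the posture the issue describes as the default."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = False          # verify_mode stays CERT_REQUIRED
    return ctx


def hardened_context(ca_file=None) -> ssl.SSLContext:
    """Chain validated and hostname matched against CN/SAN."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def redis_tls_kwargs(ca_file: str) -> dict:
    """Keyword arguments for redis.Redis(...) that request the hardened posture.

    Assumption: the installed redis-py accepts ssl_check_hostname (present in
    recent releases). ca_file is whatever bundle signed the terminator's cert.
    """
    return {
        "ssl": True,
        "ssl_cert_reqs": "required",
        "ssl_ca_certs": ca_file,
        "ssl_check_hostname": True,
    }


if __name__ == "__main__":
    for name, ctx in [("unverified", unverified_context()),
                      ("chain-only", chain_only_context()),
                      ("hardened", hardened_context())]:
        print(f"{name:10s} -> {tls_posture(ctx)}")
    print(redis_tls_kwargs("/path/to/ca-bundle.pem"))  # placeholder path
```

The middle posture is the one that matters for this issue: `chain_only_context` still rejects self-signed certificates, so a connection that "works" looks verified, yet any certificate issued by a trusted CA for some other name is accepted, which is exactly what an on-path SSL terminator would present. Passing the `redis_tls_kwargs` dictionary to the client (and, where the deployment uses a private CA, pointing `ssl_ca_certs` at that bundle) is the client-side mitigation until the default itself changes.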