In all Mongo-tools doc, note that sslAllowInvalidHostnames and sslAllowInvalidCertificates are deprecated, and describe the problematic behavior in the ticket.
From the doc, it shows: --sslAllowInvalidHostnames
Disables the validation of the hostnames in TLS/SSL certificates. Allows mongodump to connect to MongoDB instances even if the hostname in their certificates do not match the specified hostname.
However, in our implementation, it's treated the same as SSLAllowInvalidCert which bypasses the validation checks for server certificates and allows the use of invalid certificate.
This behavior would cause confusion to the user and also contradicts to the document.
I believe this problem exists in all the tools and mongomirror.
After some research into the issue, I found there is no setting to ignore hostname validation in tlsConfig, thus it's not possible to fix this from the tools library. Mongo Go driver needs to introduce a new flag in ClientOptions.
Implementation can be referred to here https://github.com/golang/go/issues/21971