- Type: Bug
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: 4.0.0
- Component/s: Shell
Problem Description
When connecting to a MongoDB instance that presents an invalid certificate (one whose hostname does not match), specifying tlsAllowInvalidCertificates or tlsAllowInvalidHostnames as options should make it possible to connect.
In general, the former option should allow connecting to a server that uses invalid certificates (including, for example, expired certificates).
Please note that leaving out tlsCAFile should work when combined with tlsAllowInvalidCertificates, i.e. it should be possible to connect to a server with a self-signed certificate without supplying the CA file on the client side.
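As an added illustration (not code from the driver or from this ticket), the block below shows how the TLS URI options named above map onto Node's tls.connect() options and which verification failures each combination still treats as fatal. The mapping (tlsAllowInvalidCertificates sets rejectUnauthorized to false, tlsAllowInvalidHostnames replaces checkServerIdentity with a no-op) and the fatality rule (Node aborts on a chain or hostname error only while rejectUnauthorized is true) are stated as assumptions about driver and Node behaviour, the parser only looks at the query string, and the CA path is constructed for the example.

```javascript
// Added example, not the driver's own code. It restates the assumed mapping from
// mongodb:// URI options to Node tls.connect() options and reports which
// verification failures each combination still aborts on.

// Parse only the query part of the URI; host lists are irrelevant here.
function tlsOptionsFromUri(uri) {
  const q = uri.indexOf('?');
  const params = new URLSearchParams(q === -1 ? '' : uri.slice(q + 1));
  const flag = (name) => params.get(name) === 'true';
  const opts = { rejectUnauthorized: true };            // secure default
  const caFile = params.get('tlsCAFile');
  if (caFile) opts.caFile = caFile;                     // the driver reads this file into `ca`
  if (flag('tlsAllowInvalidCertificates')) opts.rejectUnauthorized = false;
  if (flag('tlsAllowInvalidHostnames')) opts.checkServerIdentity = () => undefined;
  return opts;
}

// Assumed Node tls semantics: a chain error, or an error returned by
// checkServerIdentity, aborts the handshake only while rejectUnauthorized is true.
// Consequence worth knowing: tlsAllowInvalidCertificates alone already tolerates
// a hostname mismatch, which is why the report expects either option to connect.
function enforcedChecks(opts) {
  const defaultHostnameCheck = opts.checkServerIdentity === undefined;
  return {
    chainMismatchFatal: opts.rejectUnauthorized !== false,
    hostnameMismatchFatal: opts.rejectUnauthorized !== false && defaultHostnameCheck,
  };
}

// The URI from the report, with a constructed CA path.
const REPORT_URI = 'mongodb://localhost:30001/?serverSelectionTimeoutMS=1500&tls=true' +
  '&tlsAllowInvalidCertificates=true&tlsCAFile=/path/to/ca.crt';
const REPORT_OPTIONS = tlsOptionsFromUri(REPORT_URI);
const REPORT_CHECKS = enforcedChecks(REPORT_OPTIONS);
```

With the report's URI both results come back non-fatal, so a hostname mismatch should not abort the handshake; the same function with only tls=true leaves both checks enforced.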
Steps to Reproduce
Launch a server with a certificate whose hostname does not match, then try to connect, e.g. with:
const MongoClient = require('mongodb').MongoClient;
const path = require('path');

(async () => {
  // CA file from the test fixtures; the server's certificate does not match "localhost"
  const caFile = path.join(__dirname, 'test', 'fixtures', 'certificates', 'ca.crt');
  const client = await MongoClient.connect(
    'mongodb://localhost:30001/?serverSelectionTimeoutMS=1500&tls=true&tlsAllowInvalidCertificates=true&tlsCAFile=' + caFile
  );
  console.log('connected');
  await client.close(); // release the connection so the process can exit
})().catch(e => process.nextTick(() => { throw e; }));
Expected Results
The connection is successfully established.
Actual Results
An error is thrown:
MongoServerSelectionError: Hostname/IP does not match certificate's altnames: Host: localhost. is not cert's CN: invalidhost
at Timeout._onTimeout (/.../mongodb/mongosh/node_modules/mongodb/lib/sdam/topology.js:296:38)
at listOnTimeout (internal/timers.js:554:17)
at processTimers (internal/timers.js:497:7) {
...
Additional Notes
I can provide certificates for testing if needed.
This only affects driver v4; v3.6 works as expected.
- is depended on by: MONGOSH-576 Add additional integration tests for X.509 (Closed)