
(ITS#7330) slapd mmr failure due to tls cert name mismatch



Full_Name: Patrick Hemmer
Version: 2.4.31
OS: RHEL 6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (74.238.31.70)


I have 2 servers (version 2.4.31) in multi-master-replication behind a single
IP. Whenever replication tries to start, it fails because the cert name does not
match the hostname.
----
TLS: hostname (per5-unity-ldap02.mbox.net) does not match common name in
certificate (unity-ldap.mbox.net).
5009c52e slap_client_connect: URI=ldap://per5-unity-ldap02.mbox.net Error,
ldap_start_tls failed (-11)
5009c52e do_syncrepl: rid=523 rc -11 retrying (5 retries left)
----

However in the slapd configuration, I have the olcSyncrepl tls_reqcert parameter
set to 'never'
----
dn: olcDatabase={3}hdb,cn=config

olcSyncrepl: {0}rid=513 provider="ldap://per5-unity-ldap01.mbox.net";
 network-timeout=2 retry="1 10 10 60 60 +" keepalive="60:3:60"
 starttls=critical tls_reqcert=never
 bindmethod=simple timeout=2 binddn="uid=foo,cn=bar" credentials="baz"
 type=refreshAndPersist searchbase="dc=my,dc=domain"
olcSyncrepl: {1}rid=523 provider="ldap://per5-unity-ldap02.mbox.net";
 network-timeout=2 retry="1 10 10 60 60 +" keepalive="60:3:60"
 starttls=critical tls_reqcert=never
 bindmethod=simple timeout=2 binddn="uid=foo,cn=bar" credentials="baz"
 type=refreshAndPersist searchbase="dc=my,dc=domain"
----

I have also tried tls_reqcert=allow with the same result. And in a desperate
attempt, I also tried setting tls_cacert=/dev/null in the hope that if it
couldn't verify the cert it wouldn't check the hostname against the cert subject,
but this failed as well.
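The failure in the log above is a hostname-identity check, not a trust-chain check: the certificate names the shared VIP (unity-ldap.mbox.net) while each syncrepl consumer connects to a per-host provider URI. The following added example (not code from OpenLDAP or from the reporter) implements the RFC 6125 DNS-ID matching rules that a TLS client applies, with the certificate contents constructed to mirror the report: a CN-only certificate for the VIP, and a corrected certificate whose subjectAltName also lists both per-host names. The helper names, the certificate dictionaries and the SAN list in FIXED_CERT are assumptions for illustration; the provider URIs are taken from the olcSyncrepl entries above.

```python
from typing import Dict, List, Optional
from urllib.parse import urlparse


def _match_dns_id(pattern: str, hostname: str) -> bool:
    """Match one presented DNS-ID against a hostname (RFC 6125 section 6.4.3).

    A wildcard is only honoured as the complete left-most label and
    matches exactly one label, so "*.mbox.net" covers "x.mbox.net"
    but neither "mbox.net" nor "a.b.mbox.net".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels) or len(h_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(hostname: str, san_dns: List[str], cn: Optional[str]) -> bool:
    """Return True if the certificate identifies `hostname`.

    When the certificate carries any dNSName subjectAltName entries, only
    those are consulted; the subject CN is a fallback for legacy
    certificates that have no SAN extension at all.
    """
    if san_dns:
        return any(_match_dns_id(d, hostname) for d in san_dns)
    return cn is not None and _match_dns_id(cn, hostname)


def provider_hostnames(provider_uris: List[str]) -> List[str]:
    """Extract the hostname each syncrepl consumer will present to TLS."""
    return [urlparse(uri).hostname or "" for uri in provider_uris]


def check_replication_peers(cert: Dict[str, object], provider_uris: List[str]) -> Dict[str, bool]:
    """Report, per provider URI hostname, whether the certificate covers it."""
    san_dns = list(cert.get("san_dns", []))  # type: ignore[arg-type]
    cn = cert.get("cn")  # type: ignore[assignment]
    return {h: hostname_matches_cert(h, san_dns, cn) for h in provider_hostnames(provider_uris)}  # type: ignore[arg-type]


# Provider URIs as configured in the olcSyncrepl entries of the report.
PROVIDER_URIS = [
    "ldap://per5-unity-ldap01.mbox.net",
    "ldap://per5-unity-ldap02.mbox.net",
]

# Constructed certificate summaries (assumption: not the reporter's real certs).
# The VIP-only certificate has just a CN, which is what the log message reports.
VIP_ONLY_CERT = {"cn": "unity-ldap.mbox.net", "san_dns": []}

# A corrected certificate lists every name a client may connect to.
FIXED_CERT = {
    "cn": "unity-ldap.mbox.net",
    "san_dns": [
        "unity-ldap.mbox.net",
        "per5-unity-ldap01.mbox.net",
        "per5-unity-ldap02.mbox.net",
    ],
}


if __name__ == "__main__":
    for label, cert in (("VIP-only cert", VIP_ONLY_CERT), ("fixed cert", FIXED_CERT)):
        for host, ok in check_replication_peers(cert, PROVIDER_URIS).items():
            print(f"{label}: {host}: {'match' if ok else 'MISMATCH'}")
```

Running the block prints a mismatch for both per-host providers with the VIP-only certificate and a match for both with the SAN-bearing certificate; reissuing the server certificate with those SAN entries removes the need to weaken or disable certificate checking on the replication link.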