do not unconditionally override tls_options

[krauro]

Summary

Only set the SSL_hostname option when it is not provided

Motivation

This respects the users' $ua->tls_options configuration

[tagg]

Partly the same as #2148

[krauro]

I have updated all certs to use 2048 bit keys. Otherwise on my system I was running into the following openssl error:

[format:PEM] error:0A00018F:SSL routines::ee key too small

While there are workarounds for most systems defaulting to openssl sec-level 2, I think its probably better to update the test certs here. I suspect @tagg was having trouble running the tests for the same reason

[kraih]

Squash commits.

[krauro]

Squashed and now using a subtest block

[Copilot]

Pull request overview

Adjusts Mojo’s TLS option expansion to respect user-provided tls_options, and extends the TLS test suite/cert fixtures to cover the new behavior.

Changes:

• Stop unconditionally overwriting SSL_hostname / SSL_verifycn_name defaults when user tls_options provide them.
• Add new TLS tests for preserving SSL_hostname and SSL_verifycn_name overrides.
• Refresh test certificates/keys (including adding mojo_server.{crt,key}) used by TLS tests.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 3 comments.

File	Description
lib/Mojo/IOLoop/TLS.pm	Changes how default SSL_hostname / SSL_verifycn_name are applied when tls_options are present.
t/mojo/ioloop_tls.t	Adds regression tests for conditional TLS option defaults; updates cert regeneration notes.
t/mojo/certs/{ca,server,client,bad}.{crt,key}	Updates TLS test fixtures to new cert/key material.
t/mojo/certs/mojo_server.{crt,key}	Adds a dedicated server cert/key fixture for verifycn_name coverage.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[krauro]

The windows CI failure looks unrelated

[kraih]

You can rebase to fix the Windows failure.