tls requires a subject even when altNames are defined
When using TLS, checkServerIdentity uses only the subject to determine if a certificate is empty or not.
RFC 5280 allows for a certificate to have only altNames and an empty subject. The existing code already considers altName a priority and uses any supported altNames, if present, instead of the subject.
Although certificates with an empty subject are not common, Windows uses them in their infrastructure, so improving this check will simplify integration with systems using certificates with empty subjects.
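The check described above, sketched as an added example (not Node.js source code and not part of the original text): a certificate counts as empty only when it has neither a subject nor a supported altName, and altNames take priority over the subject. The function names and sample certificates are assumptions; the certificate objects are constructed in the shape `getPeerCertificate()` returns, and matching is simplified to exact names with no wildcard handling.

```javascript
'use strict';
// Parse "DNS:a.example, IP Address:192.0.2.1" into { dns: [...], ip: [...] }.
// Simplification: splits on commas and ignores other altName types.
function parseAltNames(subjectaltname) {
  const names = { dns: [], ip: [] };
  for (const entry of (subjectaltname || '').split(',')) {
    const item = entry.trim();
    if (item.startsWith('DNS:')) names.dns.push(item.slice(4).toLowerCase());
    else if (item.startsWith('IP Address:')) names.ip.push(item.slice(11));
  }
  return names;
}

function hasSubject(cert) {
  return Boolean(cert.subject) && Object.keys(cert.subject).length > 0;
}

// Empty only when there is neither a subject nor a supported altName.
function isEmptyCert(cert) {
  const alt = parseAltNames(cert.subjectaltname);
  return !hasSubject(cert) && alt.dns.length === 0 && alt.ip.length === 0;
}

// Returns undefined on success and an Error on failure.
function checkIdentity(hostname, cert) {
  if (isEmptyCert(cert)) return new Error('Cert is empty');
  const host = hostname.toLowerCase();
  const alt = parseAltNames(cert.subjectaltname);
  if (alt.dns.length > 0 || alt.ip.length > 0) {
    // altNames take priority: the subject CN is not consulted at all.
    return alt.dns.includes(host) || alt.ip.includes(host)
      ? undefined
      : new Error(`Host ${hostname} is not in the cert's altnames`);
  }
  const cn = String(cert.subject.CN || '').toLowerCase();
  return cn === host ? undefined : new Error(`Host ${hostname} is not the cert's CN`);
}

// Constructed sample certificates (hypothetical names and addresses).
const altOnly = { subject: {}, subjectaltname: 'DNS:dc01.corp.example, IP Address:192.0.2.10' };
const subjectOnly = { subject: { CN: 'www.example.test' } };
const both = { subject: { CN: 'old.example.test' }, subjectaltname: 'DNS:new.example.test' };
const empty = { subject: {} };

console.log(checkIdentity('dc01.corp.example', altOnly)); // accepted despite empty subject
console.log(checkIdentity('dc01.corp.example', empty));   // rejected: truly empty
```

A check that looks only at `subject` would reject `altOnly` as empty even though it carries a usable DNS name and IP address.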