SecureTransport implementation currently treats ::kSecTrustResultRecoverableTrustFailure as an invalid hostname signal, however other trust failures could cause it.
Since there's no way to clearly tell what the recoverable trust failure was, fall back on not setting the peer name (similar to C-driver's implementation) when the setting is applied.