When parsing certificates, use any UUID in subjectAltName by preference.
That's where the GPO want UUIDs to go. (And it's where we put them now, though we didn't before.) We still look for UUIDs in other places, because we're not ready to break backward compatibility with old certificates yet.
Showing with 24 additions and 13 deletions