It looks like Oracle has fixed this in 5.5.48/5.6.29/5.7.11 under "22295186", which is not mentioned in their release notes:
$ git log --oneline --grep 22295186
d9f89ff Bug #22295186: CERTIFICATE VALIDATION BUG IN MYSQL MAY ALLOW MITM
70f1aa4 Bug #22295186: CERTIFICATE VALIDATION BUG IN MYSQL MAY ALLOW MITM.
13380bf Bug #22295186: CERTIFICATE VALIDATION BUG IN MYSQL MAY ALLOW MITM
It looks like Oracle has fixed this in 5.5.48/ 5.6.29/ 5.7.11 under "22295186", which is not mentioned in their release notes:
$ git log --oneline --grep 22295186
d9f89ff Bug #22295186: CERTIFICATE VALIDATION BUG IN MYSQL MAY ALLOW MITM
70f1aa4 Bug #22295186: CERTIFICATE VALIDATION BUG IN MYSQL MAY ALLOW MITM.
13380bf Bug #22295186: CERTIFICATE VALIDATION BUG IN MYSQL MAY ALLOW MITM
We will take the fix by merging those versions.