Add warning about ext. policies and ServerVerifier. (#12458)

Author: deivse

docs/x509/verification.rst

@@ -277,6 +277,10 @@ the root of trust:
         The default policies used are those returned by :meth:`ExtensionPolicy.webpki_defaults_ee`
         and :meth:`ExtensionPolicy.webpki_defaults_ca`.
 
+        .. warning::
+            If the PolicyBuilder will be used to build a :class:`ServerVerifier`, the EE extension policy
+            `must require` the :class:`~cryptography.x509.SubjectAlternativeName` extension to be present.
+
         :param ExtensionPolicy new_ca_policy: The CA extension policy to use.
         :param ExtensionPolicy new_ee_policy: The EE extension policy to use.