Given that s_client is rudimentary and actually pretty old, it might be a thing to do the tests using curl instead of openssl. Curl reports the proper certificates.
Wonder how much work it would be to use curl instead of openssl. Does anyone know what drives the http tests? I'm not a programming guy, but know folks who are.
John Alexander
-----Original Message-----
From: Mark Felder [mailto:user-db141d317836@xymon.invalid]
Sent: Tuesday, August 06, 2013 12:55 PM
To: Ralph Mitchell; John D. Alexander; Galen Johnson
Cc: xymon at xymon.com
Subject: Re: [Xymon] SSL Certs on servers with multiple virtualhosts
On Tue, 06 Aug 2013 14:45:07 -0500, Galen Johnson <user-87f955643e3d@xymon.invalid>
wrote:
Would something like this not work:
group HTTP
0.0.0.0 host1.example.com # https://host1.example.com
0.0.0.0 host2.example.com # https://host2.example.com ...
No, if the client doesn't support SNI it will always receive the first SSL certificate. In that example host2.example.com's data is useless.