Hi, Mike!
I have analyze your fix and found mistake :( We will switch to target SNI section after init_ssl(c) only, thereby init_remote(c) will be connect to wrong destination.
if(!c->opt->option.client && c->opt->protocol<0 #ifndef OPENSSL_NO_TLSEXT && !c->opt->servername_list_head #endif ) { /* server mode and no protocol negotiation needed */ init_ssl(c); init_remote(c); } else { /* client mode or protocol negotiation enabled */ protocol(c, PROTOCOL_PRE_CONNECT); init_remote(c); <<<<<<<<<< Incorrect destination protocol(c, PROTOCOL_PRE_SSL); init_ssl(c); <<<<<<<<<<< switch to target SNI config section only there protocol(c, PROTOCOL_POST_SSL); }
/Alexey V. Drozdov e-mail: anyquist@yandex.ru