I am trying to get stunnel-4.53-1.1 running in Debian Wheezy. The important parts of my configuration (/etc/stunnel/stunnel.conf) look like this:

[https]
cert = /etc/ssl/certs/mydomain.pem
key = /etc/ssl/private/mydomain.key
accept = 443
connect = localhost:80
pty = no

[host1]
connect = localhost:80
sni = https:host1.mydomain.com
cert = /etc/ssl/certs/host1.mydomain.pem
key = /etc/ssl/private/host1.mydomain.key

[host2]
connect = localhost:81
sni = https:host2.mydomain.com
cert = /etc/ssl/certs/host2.mydomain.pem
key = /etc/ssl/private/host2.mydomain.key

This configuration works correctly when I access host1 (using a recent Firefox). However, if I access host2, I get the certificate of host1 offered, which results in a warning in Firefox.

If I accept the wrong certificate, stunnel still connects me to localhost:80 instead of localhost:81.

I cross-checked the general SSL/SNI setup with two virtual Apache hosts. There, everything worked as expected.

Can anyone explain this behavior of stunnel or might even know how to fix it?

Many thanks in advance

Matthias