> In fact, I am sure it's a bug.
>  
> I also happen to have the following certs: 
> *.apps.mycompany.com.au 
> *.its.apps.mycompany.com.au 
>  
> If I go to sitea.its.apps.mycompany.com.au, I get the  
> *.apps.mycompany.com.au certificate 
>  
> Where should I log this? 

Reporting here is enough. I already suspected there is a bug
here, inverting the certificates until it works is only a workaround.

What happens if you run it with "strict-sni" on the bind line?

Could you provide a wireshark/tcpdump capture of the SSL session
serving the wrong certificate, and one that's serving the correct
certificate (using the other hostname, in this case)?

Can you tell if the wildcard hostnames are in the CN or in the SAN
field of the certificate?


I will try to reproduce this.

Lukas

                                          
