Hello! The following patch series somewhat improves checking of the SSL context where the client certificate was verified.
Notably:

- Session ID context now includes trusted certificates list, so a session cannot be restored in a server block with different trusted certificates list (even if it uses the same server certificate and the same client CA certificates list).

- Reshaped HTTP level server name checks to better match existing certificate verification checking code. As a side effect, it is now allowed to use different names at HTTP level as long as verification context stays the same (that is, names within the same server block).

- Added a workaround to prevent incorrect session reuse in OpenSSL 1.1.1e and above when using TLSv1.3, which allows session reuse with different server names without any checks.

--
Maxim Dounin