On Tue, 2016-05-10 at 06:14 +0800, Yick Xie wrote: > I tested and it did not work. Still the first one in the order would > be delivered, the case is the same as IP cert. > > ONE cert was issued with dns_name="xxx.com"; > TWO cert was issued with dns_name="vpn.yyy.net". > The gnutls is 3.3.18, some more configuration to enable SNI? How to > verify my environment? Perhaps due to some other outdated libs? I verified that was an issue affecting ocserv. That is solved with the new gnutls releases (3.3.23 or 3.4.12). regards, Nikos
