I have several sites with distinct SSL certificates on one server with Apache (SNI). Browsers seem to find the proper cert, but curl and libcurl do not, thus hindering communications. Server is running Debian Squeeze, Apache2, curl 7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
The applications I am using that require curl/libcurl to communicate with others are decentralized communications platforms, friendica (friendica.com) and red (a new project from the friendica folks).
libcurl's failure to access the proper cert completely prevents proper communications with red.
Furthermore, when I post to either (they both have a simple API) with curl, the --ssl option gives me errors, while -k works.
I know the vhosts and certificates are all correct and installed properly, since browsers (firefox, iceweasel, google chrome, chromium, midori) all find the proper certificates. The libcurl errors indicate that libcurl is accessing the first cert on the server (a self-signed) rather than the certs the vhosts indicate for the domains for the friendica and red installations.
I don't know if this description is adequate, but will be glad to answer further questions if it is helpful.
Okay, my bad, I think I have solved this, and it's not curl's fault.
I had :443 in my ports.conf and vhosts, which apparently messes up SNI. I added "SSLStrictSNIVHostCheck on" in my ports.conf and changed all the :443 to IP.ADD.RE.SS:443 in my vhosts, and it seems it may be working properly now.
I'll leave this with the comment in case anyone else is tempted to hastily file a bug before checking every possible configuration issue (thought I had, but had missed these bits).
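
A way to tell a server-side vhost/SNI misconfiguration apart from a client that is not sending SNI, as an added example that is not part of the original report: it fetches the certificate once with the SNI extension and once without, then checks whether a default-configured client accepts it. The function names and result labels are assumptions made for this sketch.

```python
import hashlib
import socket
import ssl


def fetch_fingerprint(host, port=443, send_sni=True, timeout=5.0):
    """SHA-256 of the leaf certificate served, or None if the handshake fails."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # inspect only; trust is checked separately
    ctx.verify_mode = ssl.CERT_NONE
    sni = host if send_sni else None    # None => no server_name extension is sent
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    except (OSError, ssl.SSLError):
        return None


def verifies(host, port=443, timeout=5.0):
    """True if a default client (SNI on, CA and hostname checks) accepts the cert."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ssl.SSLError):
        return False


def classify(fp_sni, fp_plain, verified):
    """Interpret the two fingerprints plus the verification result."""
    if fp_sni is None:
        return "unreachable"
    if fp_plain is None:                # e.g. server refuses clients without SNI
        return "sni-required" if verified else "sni-required-but-cert-untrusted"
    if fp_sni != fp_plain:              # server picked a vhost from the SNI name
        return "sni-honoured" if verified else "sni-honoured-but-cert-untrusted"
    # Same cert either way: fine if it verifies, otherwise the default vhost's
    # cert is being returned even though the client named the host.
    return "single-or-default-cert" if verified else "default-cert-served-despite-sni"


def diagnose(host, port=443):
    return classify(fetch_fingerprint(host, port, True),
                    fetch_fingerprint(host, port, False),
                    verifies(host, port))
```

A result of `default-cert-served-despite-sni` from `diagnose("your.vhost.example")` points at the server's vhost configuration, while `sni-honoured` for a host that a particular client still rejects points at that client not sending SNI.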