hannesm
commented
9 years ago stud accepts a set of certificate list * private key and presents the matching certificate depending on SNI. each connection is forwarded to only a single backend server. we could either do the same, or be more fancy (but would decide on a possible configuration for this).
given a set of certificates (with disjoint sets of CN/subjAltName) and a set of services, forward depending on SNI to the right host