--- a/src/lib-ssl-iostream/iostream-openssl-context.c	Thu Dec 14 20:56:36 2017 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c	Wed Nov 01 12:58:46 2017 +0200
@@ -267,8 +267,8 @@
 	ssl_io = SSL_get_ex_data(ssl, dovecot_ssl_extdata_index);
 	host = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
 	if (SSL_get_servername_type(ssl) != -1) {
-		i_free(ssl_io->host);
-		ssl_io->host = i_strdup(host);
+		i_free(ssl_io->sni_host);
+		ssl_io->sni_host = i_strdup(host);
 	} else if (ssl_io->verbose) {
 		i_debug("SSL_get_servername() failed");
 	}

--- a/src/lib-ssl-iostream/iostream-openssl.c	Thu Dec 14 20:56:36 2017 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl.c	Wed Nov 01 12:58:46 2017 +0200
@@ -242,7 +242,7 @@
 	ssl_io->bio_ext = bio_ext;
 	ssl_io->plain_input = *input;
 	ssl_io->plain_output = *output;
-	ssl_io->host = i_strdup(host);
+	ssl_io->connected_host = i_strdup(host);
 	ssl_io->log_prefix = host == NULL ? i_strdup("") :
 		i_strdup_printf("%s: ", host);
 	/* bio_int will be freed by SSL_free() */
@@ -283,7 +283,8 @@
 	SSL_free(ssl_io->ssl);
 	i_free(ssl_io->plain_stream_errstr);
 	i_free(ssl_io->last_error);
-	i_free(ssl_io->host);
+	i_free(ssl_io->connected_host);
+	i_free(ssl_io->sni_host);
 	i_free(ssl_io->log_prefix);
 	i_free(ssl_io);
 }
@@ -688,7 +689,7 @@
 
 static const char *openssl_iostream_get_server_name(struct ssl_iostream *ssl_io)
 {
-	return ssl_io->host;
+	return ssl_io->sni_host;
 }
 
 static const char *

--- a/src/lib-ssl-iostream/iostream-openssl.h	Thu Dec 14 20:56:36 2017 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl.h	Wed Nov 01 12:58:46 2017 +0200
@@ -33,7 +33,10 @@
 	struct istream *ssl_input;
 	struct ostream *ssl_output;
 
-	char *host;
+	/* SSL clients: host where we connected to */
+	char *connected_host;
+	/* SSL servers: host requested by the client via SNI */
+	char *sni_host;
 	char *last_error;
 	char *log_prefix;
 	char *plain_stream_errstr;