tlsdate
tlsdate + SNI = sadness
Based on empirical testing of 0.0.8 (Debian), it seems that tlsdate does not support SNI.
Test setup: default certificate of the host is always localhost.localdomain, a self-signed certificate. All public-facing hostnames are on SNI only. This is both for our test & production environment, to make sure that our code isn't accidentally depending on a default value somewhere.
Currently, tlsdate will refuse to use the assigned hostname's public certificate, as it gets the self-signed localhost cert when connecting without using SNI.
Proper time is gathered if you disable certificate checking, which isn't quite what we are after.
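
A way to check the client-side behaviour the report describes, as an added example that is not part of the original issue or of tlsdate's code: it builds ClientHello messages in memory with Python's `ssl` module, once with and once without a host name, and parses each for the server_name (SNI) extension. The host name `time.example.test` is a constructed placeholder.

```python
import ssl
import struct

def u16(buf, i):
    return struct.unpack_from("!H", buf, i)[0]

def client_hello(server_hostname):
    """Return the raw ClientHello record the ssl module would send (no network I/O)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # permits server_hostname=None, i.e. a client without SNI
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return outgoing.read()

def sni_names(record):
    """List the host names in the server_name extension (type 0) of a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:5 + u16(record, 3)]  # skip record (5) and handshake (4) headers
    pos = 2 + 32                         # legacy_version + random
    pos += 1 + body[pos]                 # session_id
    pos += 2 + u16(body, pos)            # cipher_suites
    pos += 1 + body[pos]                 # compression_methods
    if pos + 2 > len(body):
        return []                        # ClientHello without any extensions
    ext_end = pos + 2 + u16(body, pos)
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = u16(body, pos), u16(body, pos + 2)
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == 0:                   # server_name: list length, then entries
            names, i = [], 2
            while i + 3 <= len(data):
                ntype, nlen = data[i], u16(data, i + 1)
                if ntype == 0:           # name_type host_name
                    names.append(data[i + 3:i + 3 + nlen].decode("ascii"))
                i += 3 + nlen
            return names
    return []

if __name__ == "__main__":
    for host in ("time.example.test", None):  # constructed placeholder host name
        print(host, "->", sni_names(client_hello(host)))
```

A server that selects certificates by SNI has nothing to match on when the returned list is empty, so it serves its default certificate.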