From 84a4eaaf95d6f0f59f91e249ae0ae5da416a2f46 Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Thu, 25 Sep 2025 21:11:10 +0800
Subject: [PATCH] Fixed #821

- Added the recommended code snippet
---
 src/mod/dynamicproxy/dpcore/dpcore.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/src/mod/dynamicproxy/dpcore/dpcore.go b/src/mod/dynamicproxy/dpcore/dpcore.go
index f59ead5..6c56f47 100644
--- a/src/mod/dynamicproxy/dpcore/dpcore.go
+++ b/src/mod/dynamicproxy/dpcore/dpcore.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"io"
 	"log"
+	"net"
 	"net/http"
 	"net/url"
 	"strings"
@@ -301,6 +302,29 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr
 		return http.StatusBadGateway, err
 	}
 
+	//Fix for issue #821
+	if outreq.URL != nil && strings.EqualFold(outreq.URL.Scheme, "https") {
+		if tr, ok := transport.(*http.Transport); ok {
+			serverName := outreq.Host
+			if h, _, err := net.SplitHostPort(serverName); err == nil {
+				serverName = h
+			}
+
+			if tr.TLSClientConfig == nil || tr.TLSClientConfig.ServerName != serverName {
+				trc := tr.Clone()
+				var cfg *tls.Config
+				if tr.TLSClientConfig != nil {
+					cfg = tr.TLSClientConfig.Clone()
+				} else {
+					cfg = &tls.Config{}
+				}
+				cfg.ServerName = serverName
+				trc.TLSClientConfig = cfg
+				transport = trc
+			}
+		}
+	}
+
 	// Remove hop-by-hop headers listed in the "Connection" header of the response, Remove hop-by-hop headers.
 	if !rrr.NoRemoveHopByHop {
 		removeHeaders(res.Header, rrr.NoCache)