id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1601	ssl default server must have a cert even if it's not being accessed	https://stackoverflow.com/users/418966/cyker		"With this configuration:

    server {
        listen 443 ssl;
        server_name a.com;
        ssl_certificate a.cert;
        ssl_certificate_key a.key;
    }
    server {
        listen 443 ssl;
        server_name b.com;
        ssl_certificate b.cert;
        ssl_certificate_key b.key;
    }
    server {
        listen 443 default_server ssl;
        ...
    }

When a client tries to connect to a.com, nginx will spawn an error:

>   no ""ssl_certificate"" is defined in server listening on SSL port while SSL handshaking

With SNI enabled, this is not very rational because the client clearly says it
wants a.com, which is defined in a separate block. Whether or not the default
server has a cert shouldn't matter.

If nginx requires every ssl block must have a cert, then it should enforce this
check at start time, not when a client tries to connect to a server.
"	defect	closed	minor		nginx-core	1.12.x	duplicate			4.17.6-200.fc28.x86_64	"nginx version: nginx/1.12.1
...
TLS SNI support enabled
"