I have seen and tested HAProxy can successfully do client authentication based on client SSL certificates.
But what I miss in this client certificate authentication is the CN or SAN validation.
So in other words, how to ensure HAProxy validates the host(client) name with the name specified in the client certificate (SAN or CN).
For what I have tested this validation does not take place, which results in a client certificate which still can be shared and used by multiple clients, are there any options within HAProxy to ensure such validation can take place?
Am I overlooking something here?