openssl s_client – SNI testing with -servername

When testing connections to a server that uses the TLS SNI extension (so that a single IP address can respond with a different certificate depending on the name the client asks for), openssl s_client lets you choose the name sent with the -servername command-line option:

-servername name

Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value. If -servername is not provided, the TLS SNI extension will be populated with the name given to -connect if it follows a DNS name format. If -connect is not provided either, the SNI is set to “localhost”. This is the default since OpenSSL 1.1.1.

Even though SNI should normally be a DNS name and not an IP address, if -servername is provided then that name will be sent, regardless of whether it is a DNS name or not.

This option cannot be used in conjunction with -noservername.

For example (for a test server running on localhost):

$ 2>&1 openssl s_client -connect localhost:443 -servername blah.foo.org | grep "^subject"
subject=/CN=*.foo.org

$ 2>&1 openssl s_client -connect localhost:443 -servername local.bar.org | grep "^subject"
subject=/CN=*.bar.org
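The two commands above do the job by hand; the following script is an added example (not part of the original post) that wraps the same probe in a couple of POSIX sh functions so the check can be repeated for several names or run from a monitoring job. It assumes openssl is on PATH; the host, port and names are whatever you pass in. The </dev/null redirect matters in scripts: without it s_client waits on stdin and the pipeline hangs.

```shell
#!/bin/sh
# Added example: probe which certificate a TLS endpoint presents for a given
# SNI name, and compare what two names get. Not code from the original post.

# Pull the first "subject=" line out of s_client output read from stdin and
# strip the prefix. Handles both the "subject=/CN=x" layout shown in the post
# and the "subject=CN = x" layout printed by newer OpenSSL releases.
subject_from_s_client() {
    sed -n 's/^subject=//p' | head -n 1
}

# Print the subject of the certificate HOST:PORT serves for SNI name NAME.
# An empty NAME sends no SNI at all (-noservername), which shows the
# server's default certificate.
sni_subject() {
    host=$1; port=$2; name=$3
    if [ -n "$name" ]; then
        openssl s_client -connect "$host:$port" -servername "$name" </dev/null 2>/dev/null
    else
        openssl s_client -connect "$host:$port" -noservername </dev/null 2>/dev/null
    fi | subject_from_s_client
}

# Return 0 if HOST:PORT serves different certificates for NAME1 and NAME2,
# i.e. the server really does dispatch on SNI; 1 if both get the same subject.
sni_dispatches() {
    host=$1; port=$2
    a=$(sni_subject "$host" "$port" "$3")
    b=$(sni_subject "$host" "$port" "$4")
    printf '%s -> %s\n%s -> %s\n' "$3" "$a" "$4" "$b"
    [ "$a" != "$b" ]
}

# Usage, against the test server from the post (hypothetical names):
#   sni_subject localhost 443 blah.foo.org
#   sni_dispatches localhost 443 blah.foo.org local.bar.org
```

Note that sni_subject only reports what the server sent; it does not tell you whether that certificate is valid for the name. For that, pass -verify_hostname NAME to s_client (OpenSSL 1.1 and later) and check its verification result as well.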
