upstream SSL certificate does not match "x.x.x.x"

bouvierh nginx-forum at forum.nginx.org
Wed Oct 28 04:28:04 UTC 2020


Hello,

I have configured an nginx proxy server "NGINX_SERVER" as follows:
        listen 443 ssl default_server;

        chunked_transfer_encoding on;

        ssl_certificate        server.crt;
        ssl_certificate_key    private_key_server.pem;
        ssl_client_certificate trustedCA.crt;
        #ssl_verify_depth 7;
        ssl_verify_client optional_no_ca;

        location / {
            proxy_http_version 1.1;
            resolver 127.0.0.11;
            proxy_ssl_trusted_certificate trustedCA.crt;
            proxy_ssl_verify_depth 7;
            proxy_ssl_verify       on;
            proxy_pass          https://13.78.229.75:443;
        }

The server "13.78.229.75" has a server certificate generated for an IP. When
I do
curl --cacert trustedCA.crt https://13.78.229.75:443 -v
from "NGINX_SERVER", everything works fine. So the server certificate from
"13.78.229.75" should be good.
Additionally,
openssl s_client -connect 13.78.229.75:443 -showcerts -verify 9 -CAfile trustedCA.crt
is good too.

However when I try to curl my "NGINX_SERVER":
curl https://"NGINX_SERVER"
I get:
 *110 upstream SSL certificate does not match "13.78.229.75" while SSL
handshaking to upstream, client: 13.78.128.54, server: , request: 

Looking at the server certificate, everything looks ok:
        Subject: CN = 13.78.229.75
            X509v3 Subject Alternative Name:
                IP Address:13.78.229.75, DNS:iotedgeapiproxy

I am at a loss. How can curl/openssl tell me my server cert is valid while
nginx is telling me it is wrong? What am I doing wrong?
Thank you!
Hugues

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289813,289813#msg-289813
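
One way to narrow down a discrepancy like the one in the post above, as an added example that is not part of the original post: it runs the certificate fields quoted there through two name-matching modes, one that compares an IP target against iPAddress SAN entries and one that looks only at dNSName entries. That the proxy's check behaves like the second mode is a hypothesis to test, not something the post establishes; the function names and the CERT structure are made up for the example.

```python
import ipaddress

# Constructed from the Subject / Subject Alternative Name lines quoted in the post.
CERT = {
    "cn": "13.78.229.75",
    "san": [("IP", "13.78.229.75"), ("DNS", "iotedgeapiproxy")],
}

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive compare; '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard covers exactly one label.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def match_dns_only(cert, target):
    """Only dNSName SANs are considered; CN is a fallback when there are none."""
    dns = [v for k, v in cert["san"] if k == "DNS"]
    if dns:
        return any(_dns_match(v, target) for v in dns)
    return _dns_match(cert["cn"], target)

def match_ip_aware(cert, target):
    """IP targets are compared with iPAddress SANs, names with dNSName SANs."""
    if _is_ip(target):
        want = ipaddress.ip_address(target)
        return any(k == "IP" and ipaddress.ip_address(v) == want
                   for k, v in cert["san"])
    return match_dns_only(cert, target)

def report(cert, target):
    """Result of both matching modes for one target name."""
    return {"ip_aware": match_ip_aware(cert, target),
            "dns_only": match_dns_only(cert, target)}

if __name__ == "__main__":
    for name in ("13.78.229.75", "iotedgeapiproxy"):
        print(name, report(CERT, name))
```

nginx takes the name it verifies from proxy_pass unless the proxy_ssl_name directive overrides it, so the second target above corresponds to verifying against the certificate's DNS entry instead of the IP.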


