e814852ca1
sniffer_http: When DNS override directs multiple domains to the same proxy IP, the browser may reuse a keep-alive connection for a different host. The HTTP keep-alive loop now detects Host header changes and re-dials a new upstream connection with correct node selection, preventing CDN errors (Fastly unknown domain, CloudFront 403). sniffer_tls: Return a descriptive error when TLS ClientHello has no SNI, instead of silently returning nil. This makes the connection drop visible in logs and recorder output. Fixes go-gost/gost#479