Has been changed CloudFront feature by underground?

Question

We as far as aware that AWS Documentation guide has a reason that SNI hostname not matched when CloudFront respond 502 status code. I've understood, totally SNI hostname in ClientHello should be matched on the Custom origin certification SNI list, Only then, can normally next steps for a handshake.  
https://docs.amazonaws.cn/en_us/AmazonCloudFront/latest/DeveloperGuide/http-502-bad-gateway.html#ssl-negotitation-failure  
  
Today, I've other things do checking about a custom origin certification. So I found out in there has another matched domain certificate file pared in web service. But CloudFront responses no any issues no even doesn't response 502 status. (???)  
  
In these servers, Custom Origin expiration date enough remained. But when I've tested to expired certificate file after renewed on web service, Then CloudFront respond 502 status.  
  
I thought might be CloudFront Origin certificate validation procced changed softly that overlook(insecure) to hostname matches on SNI field.  
  
Is that right my guess?

Answer

I've miss understood for this document.  
https://docs.amazonaws.cn/en_us/AmazonCloudFront/latest/DeveloperGuide/http-502-bad-gateway.html#ssl-negotitation-failure  
  
That's why this behavior not issued. it just my configurations miss.

Has been changed CloudFront feature by underground?

Contenus pertinents