diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index e37d903331..6a0e5ef620 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2022,6 +2022,26 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
                            SSL_CTX_get_verify_callback(ssl->ctx));
         }
 
+        /*
+         * We also need to make sure that the correct mctx is
+         * assigned to the connection - the CRL callback e.g.
+         * makes use of it for retrieving its store (mctx->crl).
+         */
+        c->base_server = s;
+
+        /* Since logging in callbacks uses c->base_server in many
+         * cases, it also ensures that these messages are routed
+         * to the proper log.  And finally, there is one special
+         * filter callback, which is set very early depending on the
+         * base_server's log level. If this is not the first vhost
+         * we're now selecting (and the first vhost doesn't use
+         * APLOG_DEBUG), then we need to set that callback here.
+         */
+        if (c->base_server->loglevel >= APLOG_DEBUG) {
+            BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
+            BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
+        }
+
         return 1;
     }