
Nginx proxy_pass to server with different name/certificate


I've got a number of upstreams that I proxy requests to in an nginx reverse-proxy setup. Each of these has their own domain names and certificates to match. After turning on proxy_ssl_verify in my reverse proxy, I was expecting nginx to test that the CN in that certificate was valid for the server name in the upstream section. This is apparently not the case.

I'm now getting errors like this:

71061 upstream SSL certificate does not match "Destination5" while SSL handshaking to upstream, client: 10.1.5.5, RequestID: a0b7c7080921bacac7d4bfffcb608434, server: "myservice.example.com", request: "POST / HTTP/1.1", upstream: "https://100.1.1.1:443/", host: "myservice.example.com"

I see in a few other questions (like this one for instance) that one can override the expected name with proxy_ssl_name, but I'm not sure how to do that dynamically for each upstream.

Is there a way to tell nginx to treat these as net-new connections (as it's successfully done before enforcing SSL)? Is there some equivalent or magic that can get the DNS name instead of ip address as in $upstream_addr?
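The error in the post follows from how nginx picks the name it verifies: proxy_ssl_name defaults to the host part of the proxy_pass URL, and when proxy_pass points at an upstream group that host is the group name ("Destination5"), which no real certificate carries. The configuration below is an added example (not from the original post) that keeps proxy_ssl_verify on and pins the expected name per upstream; the hostnames, addresses and file paths are placeholders.

```nginx
# Added example: per-upstream certificate name checking behind proxy_ssl_verify.
# Group names and 100.1.1.1 come from the post; everything else is a placeholder.

upstream Destination5 {
    server 100.1.1.1:443;
}

upstream Destination6 {
    server 100.1.1.2:443;    # placeholder address
}

server {
    listen 443 ssl;
    server_name myservice.example.com;
    ssl_certificate     /etc/nginx/certs/myservice.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/myservice.key;   # placeholder path

    # Shared upstream verification: check the chain against a CA bundle
    # and send SNI so each upstream presents the certificate for its own name.
    proxy_ssl_verify              on;
    proxy_ssl_verify_depth        2;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # placeholder path
    proxy_ssl_server_name         on;

    # Failing form, kept for contrast: with no proxy_ssl_name, nginx verifies
    # the certificate against the group name "Destination5" and logs
    # "upstream SSL certificate does not match".
    # location /five/ {
    #     proxy_pass https://Destination5;
    # }

    location /five/ {
        proxy_pass     https://Destination5;
        # The DNS name that appears on this upstream's certificate (placeholder).
        proxy_ssl_name destination5.example.net;
    }

    location /six/ {
        proxy_pass     https://Destination6;
        proxy_ssl_name destination6.example.net;   # placeholder
    }
}
```

Each upstream group still needs its own location (or server) block carrying the matching proxy_ssl_name; the verified name is fixed before the group's address is chosen, so it cannot be derived from $upstream_addr.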

