Hello Gentlemen.
I need help with configuration, or negative clarifications, on two issues.
1) First question: is mixed use of cert/PSKsecrets auth possible?
The same method (either cert or PSKsecrets explicitly) on the server side, through the parent [TLS] and inherited services, works properly. But mixed cert/PSKsecrets, like in the config snippet below, doesn't work.

[TLS]
client = no
accept = 0.0.0.0:https
connect = localhost:http
cert = /etc/opt/stunnel/stunnel.pem

[ssh]
client = no
sni = TLS:ssh
connect = localhost:ssh

[socks]
client = no
sni = TLS:socks
protocol = socks
PSKsecrets = /etc/opt/stunnel/auth/passwd

The idea is to insensibly pass all incorrect or non-SNI-aware requests to the main http server and hide the other multiplexed services, and at the same time to establish encryption and password access control for the [socks] service.
2) And the second question: is it possible to use proxy CONNECT after establishing SSL/TLS encryption?
The configuration section:

[ssh]
accept = 22222
protocol = connect
protocolHost = server.tld:443
protocolUsername = usernamehere
protocolPassword = passwordhere
connect = proxy.tld:8080

This says to establish an unencrypted connection with the proxy, pass the username and password, tell the proxy to establish CONNECT to target 443, and then transmit SSL/TLS to it.
The goal is, if I have an SSL/TLS termination server/proxy on port 443, to first speak SSL/TLS with the proxy and only then proceed to the proxy request phase.
Thanks for future explanations.