Hi Richard,
On Mon, Feb 08, 2010 at 12:21:25PM +0000, Richard Harvey wrote:
> In this case the client would always connect to example.com on port 7000 for example. Then based on which client cert is used to connect the client would be forwarded to a different IP:port. I'm not sure that's what you mean with Server Name Indication.
> my example:
> both client 1 and client 2 connect to stunnel.example.com:7000
> client 1 would connect and may be proxied to client1.example.com:9000
> client 2 would connect and may be proxied to client2.example.com:6789
> If possible this would be configured in the stunnel.conf file on the server.
Not exactly what you're looking for, but it may be worth mentioning that I've written a patch to redirect a user that doesn't successfully authenticate:
http://ftp.nluug.nl/networking/stunnel/contrib/evil.patch
A small explanation is available at the beginning.
Regards,