Hello,

2009/1/26 Michael Renner wrote (to me):
> I see the only chance in accepting every SSL connection, check somehow for an authentication inside the SSL channel and redirect the traffic to the proxy (if the authentication succeeds) or to a webserver if the authentication failed.
If I understand well, the feature you want is: if authentication succeeds, connect to good_server, else connect to fake_server.
The check for authentication is done in file verify.c. The functions return 1 if authentication succeeds and 0 if it fails. These features rely on the OpenSSL backend and are specified in http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html.
IMHO, if you want to implement your feature, I think you can patch stunnel to:
- in file verify.c:
  * maintain your own error storage variable
  * make the verify functions always return 1
- in client.c, function init_remote: connect to the selected host depending on your own error variable (good_server or fake_server)
- in options.c: add the new connect_fake option in the services section
I'm a little too busy to implement this shortly.
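
A model of the "own error storage variable" and host selection described in the message above, as an added example that is not part of the original message and is not stunnel code. The names conn_verify, conn_verify_init, record_verify and pick_backend are hypothetical. It keeps the state per connection and defaults to fake_server, because once the verify function always returns 1 the handshake also completes for clients whose chain failed, and the verify function is not called at all when the client presents no certificate.

```c
#include <stddef.h>

#define V_OK 0  /* OpenSSL's X509_V_OK has the value 0 */

/* Hypothetical per-connection verification record (one per client). */
struct conn_verify {
    int cert_seen;  /* verify function ran at least once for this client */
    int first_err;  /* first non-OK verify error, V_OK if none */
};

/* Call at the start of every connection: nothing has been proven yet. */
void conn_verify_init(struct conn_verify *cv) {
    cv->cert_seen = 0;
    cv->first_err = V_OK;
}

/* Body of the patched verify function. It would be called from the callback
 * registered with SSL_CTX_set_verify(); err is the value that
 * X509_STORE_CTX_get_error() reports at the current chain depth.
 * Always returns 1 so the handshake continues. */
int record_verify(struct conn_verify *cv, int preverify_ok, int err) {
    cv->cert_seen = 1;
    /* Sticky: a later depth that verifies fine must not erase a failure. */
    if (!preverify_ok && cv->first_err == V_OK)
        cv->first_err = (err != V_OK) ? err : -1;
    return 1;
}

/* Decision for init_remote(): good only on positive proof, fake otherwise. */
const char *pick_backend(const struct conn_verify *cv,
                         const char *good, const char *fake) {
    if (cv == NULL || !cv->cert_seen)
        return fake;  /* no client certificate was presented */
    if (cv->first_err != V_OK)
        return fake;  /* some certificate in the chain failed */
    return good;
}
```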