Roughly around 2008-05-07 15:34 -0400, Sudhaker Raj mentioned:
> I wish to use stunnel for the following use case (to create a highly-protected website which can be accessed only using a valid client-cert).
>
> gateway.example.com:443 -> public.example.com:80 (when client-cert verification fails)
> gateway.example.com:443 -> intranet.example.com:80 (when client-cert verification ok - normally hidden from public)
>
> ...
>
> I guess it will be a nice addition to stunnel's feature list.

I disagree. I don't think it's a good idea to add to stunnel.

This is application layer logic you want, essentially. Your best bet would be to use SSL in Apache/web server of choice directly. Then you can place the verification constraint in the configuration and configure the web server to serve up selected pages if and only if a cert has been used via normal Apache 'require' ACLs.

Alternatively, this could be configured with Apache as a reverse proxy using mod_proxy in front of two different back end web servers (public and intranet in your example above) if you really want distinct web servers for each.
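
The reverse-proxy variant suggested in the reply, as an added configuration sketch that is not part of the original thread. It assumes Apache 2.4 with mod_ssl, mod_rewrite, mod_proxy, mod_proxy_http and mod_headers loaded; the certificate paths and the `X-Client-Verify` header name are placeholders chosen for illustration.

```apache
<VirtualHost *:443>
    ServerName gateway.example.com

    SSLEngine on
    # Placeholder paths for the gateway's own certificate and key
    SSLCertificateFile    /etc/ssl/example/gateway.crt
    SSLCertificateKeyFile /etc/ssl/example/gateway.key

    # CA that issues the client certificates (placeholder path)
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    # Request a client certificate but let the handshake complete without
    # one, so that requests without a certificate can still be routed to the
    # public site. A certificate that is presented but does not verify
    # against the CA above aborts the handshake under "optional".
    SSLVerifyClient optional
    SSLVerifyDepth  1

    # Pass the verification result to the back end. "set" overwrites any
    # value the client sent under the same (illustrative) header name.
    RequestHeader set X-Client-Verify "%{SSL_CLIENT_VERIFY}s"

    RewriteEngine on

    # Verified client certificate: proxy to the intranet back end
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} =SUCCESS
    RewriteRule ^/(.*)$ http://intranet.example.com/$1 [P,L]

    # Anything else (SSL_CLIENT_VERIFY is NONE): proxy to the public back end
    RewriteRule ^/(.*)$ http://public.example.com/$1 [P,L]

    # Rewrite Location headers in back-end redirects to the gateway's name
    ProxyPassReverse / http://intranet.example.com/
    ProxyPassReverse / http://public.example.com/
</VirtualHost>
```

The routing decision is only as strong as the network path behind it: intranet.example.com should accept connections from the gateway alone, since the proxied leg is plain HTTP.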