Hi All, Haven't found the answer for this issue. The scheme is : TLS-client <==tls==> stunnel-server <==open==> App-server In user session stunnel-server perform authorization for client with its certificate (verify=2) and send request further to App-server. How does App-server can identify user in this session? To grand permissions. Ideally it would be good to know CN or EKU of user certificate. Is it possible? Thanks a lot!! Denis