> The -Y flag was being treated as if it means the default of not asking
> for a client cert.

Thanks! Applied with a slightly different style.

I should really have used a different name for the optional client
certificate. As is, -Y/-y is asymmetrical between s6-tlsc and s6-tlsd,
and that's ugly (and the reason for the bug, because I copied the
template for s6-tlsserver from s6-tlsclient and failed to fix the -Y
discrepancy).

And yes, you may well be the first to use it. It's uncommon that a
server requires a client certificate - generally only people with a
serious PKI setup bother with this, which means big orgs, and those
haven't switched to s6-tlsserver yet. ;)
--
Laurent
Received on Tue Aug 08 2023 - 22:02:10 CEST