Option for providing client TLS certificate

Question

Option for providing client TLS certificate

Opened this issue 6 years ago · 6 comments

Please implement an option to provide the client's TSL certificate. Currently you need a proxy server like stunnel/haproxy to provide the certificate if the server verifies it.

Answer 1 · 2018-11-14T12:09:28.000Z

This is by design. YAZ is a Z39.50 toolkit, not a web server. We could keep adding features and features to it, until it contains an email reader and (in accordance with Greenspun's tenth rule), an ad-hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp. But we prefer the Unix philosophy of keeping each tool small and clean, doing one thing well. haproxy is a fine tool for supporting TLS.

Answer 2 · 2018-11-14T12:12:35.000Z

But the support is there, since yaz-client allows you to connect to TLS servers (By prefixing the URL with ssl:) but it apparently uses a static TLS cert.

Answer 3 · 2018-11-14T12:58:01.000Z

Thanks for spotting that. I have re-opened the issue, and will leave to to @adamdickmeiss to comment.

Answer 4 · 2018-11-14T13:00:04.000Z

Yes. Seems like a good idea.. Like -E option for curl and --certificate option for wget.

Answer 5 · 2018-11-15T06:19:09.000Z

So is this going to be implemented only in the CLI or in the library as well?

Answer 6 · 2018-11-15T09:38:16.000Z

Library including the ZOOM API.