Option for providing client TLS certificate

[natlibfi-arlehiko]

Please implement an option to provide the client's TSL certificate. Currently you need a proxy server like stunnel/haproxy to provide the certificate if the server verifies it.

[MikeTaylor]

This is by design. YAZ is a Z39.50 toolkit, not a web server. We could keep adding features and features to it, until it contains an email reader and (in accordance with Greenspun's tenth rule), an ad-hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp. But we prefer the Unix philosophy of keeping each tool small and clean, doing one thing well. haproxy is a fine tool for supporting TLS.

[natlibfi-arlehiko]

But the support is there, since yaz-client allows you to connect to TLS servers (By prefixing the URL with ssl:) but it apparently uses a static TLS cert.

[MikeTaylor]

Thanks for spotting that. I have re-opened the issue, and will leave to to @adamdickmeiss to comment.

[adamdickmeiss]

Yes. Seems like a good idea.. Like -E option for curl and --certificate option for wget.

[natlibfi-arlehiko]

So is this going to be implemented only in the CLI or in the library as well?

[adamdickmeiss]

Library including the ZOOM API.