|
As the server has moved to using native TLS on OS X (Secure Transport), it has added command line options to let users select keys from the user/system keychain certificate store. Because the command line tools try to match server command line options for configuration, the server tools will likely provide a similar capability.
The driver currently only supports providing SSLClientCertificateKeyFile and SSLClientCertificateKeyPassword options and is oblivious to the keychain certificate store.
If the driver implements the ability to get certs/keys from the certificate store, then the tools can delegate this work to the driver. If the driver does not implement this capability, then the tools will have to implement both the capability and a custom TLS dialer to use such certificates/keys.
As a middle ground, if the driver allows certs/keys to be provided in byte form rather than a file name, the tools can implement the cert store lookup and the driver can consume the resulting bytes. (That doesn't change the amount of code to be written – it only partitions this ticket across two projects.)
|
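A sketch of the middle ground described above, added here as an example and not taken from the driver or the tools: the driver side accepts the certificate and key as PEM bytes and builds the TLS client configuration from them. It assumes Go for both projects; `ClientTLSFromPEM` and `constructedBundle` are hypothetical names, and a self-signed bundle generated in memory stands in for the keychain lookup.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// ClientTLSFromPEM (hypothetical name): driver side; one PEM bundle serves as cert and key input.
func ClientTLSFromPEM(bundle []byte) (*tls.Config, error) {
	pair, err := tls.X509KeyPair(bundle, bundle)
	if err != nil {
		return nil, fmt.Errorf("client cert bundle: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil || time.Now().After(leaf.NotAfter) {
		return nil, fmt.Errorf("client cert rejected (expired, or parse error: %v)", err)
	}
	return &tls.Config{Certificates: []tls.Certificate{pair}, MinVersion: tls.VersionTLS12}, nil
}

// constructedBundle stands in for the tools-side store lookup (constructed sample data).
func constructedBundle(notAfter time.Time) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notAfter.Add(-2 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})...), nil
}

func main() {
	bundle, _ := constructedBundle(time.Now().Add(time.Hour))
	cfg, err := ClientTLSFromPEM(bundle)
	fmt.Println(cfg != nil, err)
}
```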