> I think I also need to add the server's CA's certificate, so factotum
> can check the server identity. Right?

Factotum is meant to store the private keys. The CA certificate would probably have its place in /sys/lib/tls (in PEM format).

However, this is not needed, since the current X.509 implementation in Plan 9 doesn't verify the certificate chain.

Also, TLS client authentication isn't currently supported in Plan 9, but you could try Christian Kellermann's implementation.

http://plan9.bell-labs.com/sources/patch/maybe/tls-client-auth/

hget http://www.9legacy.org/9legacy/patch/tls-client-auth.diff | ape/patch -p0

--
David du Colombier