Currently arcanist and libphutil handle server side SSL certificates, but unable to access site requiring client side SSL certificate. Curl has an option to specify the user's certificate (see CURLOPT_SSLCERT), we just need to pass it down from the configuration.
Description
Revisions and Commits
Related Objects
- Mentioned In
- D12107: T7616: Arcanist to be able to access site requiring client side SSL certificate
D12106: T7616: Arcanist to be able to access site requiring client side SSL certificate - Mentioned Here
- T10227: Provide an extension point for HTTP behaviors (proxies, SSL trust)
T550: Build an SSH conduit client
Event Timeline
We haven't seen other interest in this and don't plan to pursue it in the near term. I believe deployment of client SSL certificates is exceptionally rare in the wild. Running Conduit over SSH (T550) might solve some of the same problems but has far broader acceptance.
I had added code to implement this feature to arcanist and libphutil and is working. How can I contribute to have this feature added to code base?
After the introduction of PhutilHTTPEngineExtension (T10227) we have a more viable pathway to bring support for this upstream, but I'd still like to see more interest in it before thinking about upstream support. It looks like only 1-2 installs would use it, today (not sure if both of you represent the same install or not).
We currently have no interest in this from customers, so I don't plan to pursue it. If customer interest arises, there's a plausible pathway forward.