Branch at  adds two new method pairs (as in server/client session).
- the first pair is an API that makes it possible for the server to require the client certificate during the TLS handshake (and for the client to provide it). This is useful e.g. in XTLS, when the client and server needs mutual authentication.
- the second pair is an API that enables SRP-based handshake instead of an X.509-based one. The way it works is not mutual-exclusive, i.e. you can set the server session to accept both SRP and X.509 and the client to provide both, in case the server asks for one or the other.
- this is only implemented in the GNUTls backend
- the first part could also be implemented for OpenSSL
- the SRP part can't be implemented there ATM, as SRP has still not been merged into OpenSSL proper (see ).
- the APIs that can fail (e.g. when you import certificates) could use a GError? Probably in that case other APIs there such as wocky_tls_add_ca() should be updated to use GErrors for consistency (comments welcome here).
- should I implement the first part in OpenSSL as well?