Certificate authentication works. pwmd will require a client to send a
certificate that has been signed by the certificate authority located in
~/.pwmd/ca-cert.pem. There is no Assuan tcp support yet, so libpwmd
will have to wait. In the mean time, socat does work:
socat openssl:host:port,cafile=ca-cert.pem,cert=client-cert.pem,key=client-key.pem -
Be sure to keep the private key that generated ca-cert.pem secure.
This is needed to sign client certificates. If compromised, an
attacker will be able to connect from anywhere. Same goes for your
client certificate and key, of course.