    Add TLS client authentication and server verification using custom CA

    Review Request #11047 — Created June 18, 2020 and submitted — Latest diff uploaded

    Information

    iro
    RBTools
    master
    680ad79...

    Reviewers

    This patch adds two new TLS-related features.

    1. Allow the client to provide a certificate for TLS client authentication.
      Previously, connecting to a server which requires clients to authenticate using
      a TLS certificate was difficult and required using external tools such as stunnel.
      Requiring client authentication adds security, because it prevents unauthorized users
      without a certificate from even connecting to the Review Board instance. Furthermore,
      it optionally allows for using the CN as the user's identity.
      After this change, the user can specify a client certificate (and key) to present
      to the server at the time of connection.

    2. Allow the client to validate server certificates signed by custom CAs.
      Previously, the user had to disable verification of the server certificate
      when connecting to a server using a certificate signed by a custom CA.
      After this change, the user can provide additional CAs that can be used to perform
      server certificate validation, without disabling verification and thus providing a
      more secure connection.

    Minor testing using a private server signed with a custom CA and requiring a client certificate.
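
The two features described in this request, sketched with Python's standard `ssl` module as an added example; this is not the code from the patch or from RBTools. The function and parameter names (`build_tls_context`, `ca_bundle`, `client_cert`, `client_key`) are hypothetical, and the unverified context is included only to contrast it with the custom-CA configuration.

```python
import ssl
import urllib.request


def build_tls_context(ca_bundle=None, client_cert=None, client_key=None):
    """Client-side context that keeps server verification enabled.

    ca_bundle:   PEM file of additional (custom) CA certificates.
    client_cert: PEM file of the certificate to present to the server.
    client_key:  PEM file of its private key (None if stored in client_cert).
    All names here are hypothetical, chosen for this example.
    """
    # Defaults: verify_mode=CERT_REQUIRED, check_hostname=True, system CAs.
    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if ca_bundle:
        # Adds the custom CAs to the trust store. A missing or unreadable
        # file raises, so a bad path cannot silently weaken verification.
        context.load_verify_locations(cafile=ca_bundle)
    if client_cert:
        # Certificate and key sent if the server requests client auth.
        context.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return context


def build_unverified_context():
    """The workaround for custom CAs that the description wants to avoid."""
    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    context.check_hostname = False  # must be cleared before CERT_NONE
    context.verify_mode = ssl.CERT_NONE
    return context


def build_opener(context):
    """urllib opener whose HTTPS connections use the given context."""
    handler = urllib.request.HTTPSHandler(context=context)
    return urllib.request.build_opener(handler)
```
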