In my last post I covered 9front server side tls - now we begin the client side. I found that most of the user space tls stuff is not *that* interesting or it's stuff for another post. So, we'll jump right in to C *Thinks back to earlier today* orthanc% ./sha1sum -3 256 /amd64/9pc64 sha1sum 238299: suicide: sys: trap: fault write addr=0x0 pc=0x00006afb *screams* Ok, but thats for the next post. Back to tls. This is scary easy stuff. "dial" your server int fd = dial("tcp!server!port") Create a tls connection, this lets you seek for info on your connection (say, certs) conn = (TLSconn*)mallocz(sizeof *conn, 1); start the tls "pipe" fd = tlsClient(fd, conn); Now you can read and write using that fd like you would on the server side, but you should check those certs if(!okCertificate(conn->cert, conn->certlen, table)) sysfatal("suspect server: %r"); I do know that there is no real CA validation as of now, I may work on fixing that. Ok, that's all I have for now, see you next post. -- Fulton