What

I'd like to bounce around the idea of accepting command line arguments (for any deno logic that deals with the network) for client_cert_chain_and_key in CreateHttpClientOptions.

Where

• Implement for usage in CreateHttpClientOptions.
• Implemented as a top level flag for deno that feeds into the logic for deno run.

How

• Ideally a --client-cert and --client-key command line argument.
• Maybe even environment variables if the callee cannot control the program arguments?

Why

I have an odd setup where I have a self-signed client certificate + key with an unknown issuer. I want to use the file import functionality (e.g import { foo } from 'https://my.own.server/foo.ts' with a server that I control that has a odd TLS scheme outside of my control.

I am comfortable using --unsafely-ignore-certificate-errors to get past that, but in my brief attempt I could not get the underlying hyper http machinery to accept my crudely hacked in client cert and key (instantiated at http_util.rs's HttpClientProvider::new. I was however able to configure the TLS connector to accept my certificate and key in a standalone program, and I've (mostly) verified that the TLS configurations are the same there and in demo. (e.g alpn negotiation, underlying crypto module (ring), verifier functionality and supported_verify_schemes.

You can take a look at the demo program here.