TLS Certificate Validation (Client + Server)



I'm trying to use TLS to authenticate my HTTPS connections.  I'd like to verify the server's certificate 
against a CA, as well as pass a client certificate to the server and verify that against the CA as well. 

That means I have to do four major things, I believe:

1. Specify a server certificate in my server code
2. Validate client certificates in my server code
3. Specify a client certificate in my client code 
4. Validate server certificates in my client code


As I understand it, as of 2.48 it is possible to send client certificates to the server, so I've upgraded to 
libsoup 2.48.  I *think* I have three of these things figured out:

1. Pass a valid GTlsCertificate * to the "tls-certificate" parameter of SoupServer
2. ?
3. Pass a valid GTlsInteraction * to the "tls-interaction" parameter of SoupSession, probably a custom 
subclass of GTlsInteraction
4. Pass a valid GTlsDatabase * to the "tls-database" parameter of SoupSession, and adjust "ssl-strict" or 
implement my own validation as per the docs for "ssl-strict" 

I could be wrong about the ones I think I know, but that seems to be what makes sense based on my reading of 
the docs.  If I am mistaken, I'd appreciate any corrections.

The real problem is that I don't know how to solve #2.  The "ssl-test.c" test for this doesn't use 
SoupServer; it sets up a lower-level GSocketService and establishes TLS on the socket itself, then hooks 
"accept-certificate".

It's not clear to me how to get to the "accept-certificate" callback stage while using the real SoupServer 
object.  Has anyone done this who could provide some example code?

Thanks,
Jon

