`gnutls-cli -rehandshake` should offer client certificate only on subsequent handshake
when using gnutls-cli --rehandshake --x509keyfile key.pem --x509certfile cert.pem foo.example
, the client certificate should only be sent on the subsequent handshake.
This is the only way with TLS 1.2 and earlier to protect the cleartext of the x509certfile
, so it would be nice to have an easy way to test servers that might offer such a feature.